diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 6aa3dd2172..e94c5e22a8 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -182,6 +182,58 @@ jobs:
repository: ${{ env.DOCKER_NAMESPACE }}/${{ matrix.component }}
readme-filepath: ./${{ matrix.component }}/docs/README.DockerHub-Core.md
+ # ---- Build Stage | AutoDiscovery ----
+
+ auto-discovery-kubernetes:
+ name: "AutoDiscovery | Kubernetes"
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Go Setup
+ uses: actions/setup-go@v2
+ with:
+ go-version: ${{ env.GO_VERSION }}
+
+ - name: Lint Go Code
+ working-directory: ./auto-discovery/kubernetes
+ run: |
+ go fmt ./...
+ go vet ./...
+
+ - name: Test
+ working-directory: ./auto-discovery/kubernetes/
+ run: make test
+
+ - name: Docker Meta
+ id: docker_meta
+ uses: crazy-max/ghaction-docker-meta@v1
+ with:
+ images: ${{ env.DOCKER_NAMESPACE }}/auto-discovery-kubernetes
+ tag-sha: true
+ tag-semver: |
+ {{ version }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+
+ - name: Build and Push
+ uses: docker/build-push-action@v2
+ with:
+ context: ./auto-discovery/kubernetes/
+ file: ./auto-discovery/kubernetes/Dockerfile
+ platforms: linux/amd64
+ push: true
+ tags: ${{ steps.docker_meta.outputs.tags }}
+ labels: ${{ steps.docker_meta.outputs.labels }}
+
# ---- Build Stage | SDK Matrix ----
sdk:
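Review bot: The new `auto-discovery-kubernetes` job references every third-party action by a mutable tag (`crazy-max/ghaction-docker-meta@v1`, `docker/login-action@v1`, `docker/build-push-action@v2`), and this job receives `secrets.DOCKER_TOKEN` and pushes the image. Pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v1`, keeps a retagged release from changing what runs with the registry credential. Separately, the `Lint Go Code` step cannot fail on formatting, because `go fmt ./...` rewrites files and exits 0; a check such as `test -z "$(gofmt -l .)"` would make it a gate. The workflow's trigger conditions are outside this hunk, so whether `push: true` also runs for pull requests cannot be confirmed from here.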
diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml
index c171e9956a..4f0425e258 100644
--- a/.github/workflows/helm-docs.yaml
+++ b/.github/workflows/helm-docs.yaml
@@ -30,14 +30,19 @@ jobs:
cd helm-docs
curl --output helm-docs.tar.gz --location https://github.com/norwoodj/helm-docs/releases/download/v1.5.0/helm-docs_1.5.0_Linux_x86_64.tar.gz
+ # Checksum must be extracted from the checksum file every time helm-docs gets updated.
+ echo "a352e13a8438045b8ed138b821cb757c177acd999c1af77345152d7a64b0ddb7 helm-docs.tar.gz" | shasum --check
+
tar -xvf helm-docs.tar.gz
# Verify installation
./helm-docs --version
+ sudo mv helm-docs /usr/local/bin/helm-docs
+
- name: Generate Helm Docs
run: |
# Generate README.md based on Chart.yaml and template
- ./helm-docs/helm-docs --template-files=./.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./.helm-docs/README.md.gotmpl
+ helm-docs --template-files=./.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./.helm-docs/README.md.gotmpl
- name: Generate Demo-Apps Docs
run: |
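Review bot: The added integrity check leaves the hash algorithm implicit: `shasum --check` is fed a 64-hex-digit digest and appears to rely on the tool inferring SHA-256 from the digest length. Stating it, `... | shasum -a 256 --check`, documents the intent and removes the dependency on length detection. The release version is also repeated in the download URL and is coupled to the digest literal, so the comment could be widened to `# Version in the URL and the checksum below must be updated together; take the checksum from the release's checksum file.`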
@@ -51,8 +56,8 @@ jobs:
cd "${dir}" || exit
if [ -d "docs" ]; then
echo "Docs Folder found at: ${dir}/docs"
- ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Target.md.gotmpl --output-file=docs/README.DockerHub-Target.md
- ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
+ helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Target.md.gotmpl --output-file=docs/README.DockerHub-Target.md
+ helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
else
echo "Ignoring Docs creation process for Chart $dir, because no `docs` folder found at: ${dir}/docs"
fi
@@ -71,8 +76,8 @@ jobs:
cd "${dir}" || exit
if [ -d "docs" ]; then
echo "Docs Folder found at: ${dir}/docs"
- ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Hook.md.gotmpl --output-file=docs/README.DockerHub-Hook.md
- ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
+ helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Hook.md.gotmpl --output-file=docs/README.DockerHub-Hook.md
+ helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
else
echo "Ignoring Docs creation process for Chart $dir, because no `docs` folder found at: ${dir}/docs"
fi
@@ -93,35 +98,46 @@ jobs:
echo "Docs Folder found at: ${dir}/docs"
if [ -d "parser" ]; then
echo "Parser found at: ${dir}/parser"
- ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Parser.md.gotmpl --output-file=docs/README.DockerHub-Parser.md
+ helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Parser.md.gotmpl --output-file=docs/README.DockerHub-Parser.md
fi
if [ -d "scanner" ]; then
echo "Scanner found at: ${dir}/parser"
- ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Scanner.md.gotmpl --output-file=docs/README.DockerHub-Scanner.md
+ helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Scanner.md.gotmpl --output-file=docs/README.DockerHub-Scanner.md
fi
- ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
+ helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
else
echo "Ignoring Docs creation process for Chart $dir, because no `docs` folder found at: ${dir}/docs"
fi
)
done
- - name: Generate Core Docs
+ - name: Generate Core (Operator) Docs
run: |
# Start in the operator folder
cd operator
if [ -d "docs" ]; then
echo "Docs Folder found at: operator/docs"
- ./../helm-docs/helm-docs --template-files=./../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../.helm-docs/README.DockerHub-Core.md.gotmpl --output-file=docs/README.DockerHub-Core.md
- ./../helm-docs/helm-docs --template-files=./../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
+ helm-docs --template-files=./../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../.helm-docs/README.DockerHub-Core.md.gotmpl --output-file=docs/README.DockerHub-Core.md
+ helm-docs --template-files=./../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
else
echo "Ignoring Docs creation process for Chart $dir, because no `docs` folder found at: operator/docs"
fi
+ - name: Generate Core (AutoDiscovery Kubernetes) Docs
+ run: |
+ cd auto-discovery/kubernetes
+ if [ -d "docs" ]; then
+ echo "Docs Folder found at: auto-discovery/kubernetes/docs"
+ helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Core.md.gotmpl --output-file=docs/README.DockerHub-Core.md
+ helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
+ else
+ echo "Ignoring Docs creation process for Chart $dir, because no `docs` folder found at: auto-discovery/kubernetes/docs"
+ fi
- name: Remove Helm Docs Files
run: |
- # Remove helm-docs download to ensure they don't get commited back
+ # Remove helm-docs download to ensure they don't get committed back
rm -rf helm-docs
+
- uses: stefanzweifel/git-auto-commit-action@v4.11.0
with:
commit_message: Updating Helm Docs
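Review bot: The `else` branch of the new `Generate Core (AutoDiscovery Kubernetes) Docs` step prints a broken message: inside double quotes the backticks around the word docs are command substitution, so the shell tries to run a command named docs, and `$dir` is never assigned in this step. The line should read `echo "Ignoring Docs creation process for Chart auto-discovery/kubernetes, because no 'docs' folder found at: auto-discovery/kubernetes/docs"`. The `Generate Core (Operator) Docs` step in the same hunk has both problems as well, and the context lines of the earlier loops show the same backtick pattern.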
diff --git a/.helm-docs/README.DockerHub-Core.md.gotmpl b/.helm-docs/README.DockerHub-Core.md.gotmpl
index 53ff017378..e2737d488e 100644
--- a/.helm-docs/README.DockerHub-Core.md.gotmpl
+++ b/.helm-docs/README.DockerHub-Core.md.gotmpl
@@ -12,7 +12,7 @@ SPDX-License-Identifier: Apache-2.0
{{ template "extra.dockerDeploymentSection" . }}
## How to use this image
-This `core` image is intended to work in combination with the OWASP secureCodeBox. For more informations details please take a look at the documentation page: {{ template "chart.homepage" . }}.
+This `core` image is intended to work in combination with the OWASP secureCodeBox. For more information details please take a look at the documentation page: {{ template "chart.homepage" . }}.
```bash
docker pull securecodebox/{{ template "chart.name" . }}
diff --git a/.helm-docs/README.DockerHub-Hook.md.gotmpl b/.helm-docs/README.DockerHub-Hook.md.gotmpl
index a885064349..9e35ffa65b 100644
--- a/.helm-docs/README.DockerHub-Hook.md.gotmpl
+++ b/.helm-docs/README.DockerHub-Hook.md.gotmpl
@@ -12,7 +12,7 @@ SPDX-License-Identifier: Apache-2.0
{{ template "extra.dockerDeploymentSection" . }}
## How to use this image
-This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][{{ template "chart.homepage" . }}].
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more information details please take a look at the [project page][scb-docs] or [documentation page][{{ template "chart.homepage" . }}].
```bash
docker pull securecodebox/hook-{{ template "chart.name" . }}
diff --git a/.helm-docs/README.DockerHub-Parser.md.gotmpl b/.helm-docs/README.DockerHub-Parser.md.gotmpl
index 5857f95785..069a5873d9 100644
--- a/.helm-docs/README.DockerHub-Parser.md.gotmpl
+++ b/.helm-docs/README.DockerHub-Parser.md.gotmpl
@@ -12,7 +12,7 @@ SPDX-License-Identifier: Apache-2.0
{{ template "extra.dockerDeploymentSection" . }}
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: {{ template "chart.homepage" . }}.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: {{ template "chart.homepage" . }}.
```bash
docker pull securecodebox/parser-{{ template "chart.name" . }}
diff --git a/.helm-docs/README.DockerHub-Scanner.md.gotmpl b/.helm-docs/README.DockerHub-Scanner.md.gotmpl
index 8c72184ed3..48c2669557 100644
--- a/.helm-docs/README.DockerHub-Scanner.md.gotmpl
+++ b/.helm-docs/README.DockerHub-Scanner.md.gotmpl
@@ -12,7 +12,7 @@ SPDX-License-Identifier: Apache-2.0
{{ template "extra.dockerDeploymentSection" . }}
## How to use this image
-This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][{{ template "chart.homepage" . }}].
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more information details please take a look at the [project page][scb-docs] or [documentation page][{{ template "chart.homepage" . }}].
```bash
docker pull securecodebox/scanner-{{ template "chart.name" . }}
diff --git a/.helm-docs/README.DockerHub-Target.md.gotmpl b/.helm-docs/README.DockerHub-Target.md.gotmpl
index 63c657cb69..a1d8361c3b 100644
--- a/.helm-docs/README.DockerHub-Target.md.gotmpl
+++ b/.helm-docs/README.DockerHub-Target.md.gotmpl
@@ -12,7 +12,7 @@ SPDX-License-Identifier: Apache-2.0
{{ template "extra.dockerDeploymentSection" . }}
## How to use this image
-This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+This image is a potentially vulnerable service or application which is used for demo purposes, automated tests and trainings.
```bash
docker pull securecodebox/{{ template "chart.name" . }}
diff --git a/.helm-docs/templates.gotmpl b/.helm-docs/templates.gotmpl
index e88b8d5051..6d40fe50da 100644
--- a/.helm-docs/templates.gotmpl
+++ b/.helm-docs/templates.gotmpl
@@ -18,12 +18,12 @@ SPDX-License-Identifier: Apache-2.0
{{- end }}
@@ -49,7 +49,7 @@ You can find resources to help you get started on our [documentation website](ht
{{- define "extra.chartDeploymentSection" -}}
## Deployment
-The {{ template "chart.name" . }} `scanType` can be deployed via helm:
+The {{ template "chart.name" . }} chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/auto-discovery/kubernetes/.dockerignore b/auto-discovery/kubernetes/.dockerignore
new file mode 100644
index 0000000000..6c0b51f1e2
--- /dev/null
+++ b/auto-discovery/kubernetes/.dockerignore
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore all files which are not go type
+!**/*.go
+!**/*.mod
+!**/*.sum
+auto-discovery-config.yaml
\ No newline at end of file
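Review bot: The negation patterns have nothing to re-include, because the file never excludes anything first: the comment says "Ignore all files which are not go type", but no `**` (or `*`) line precedes `!**/*.go`. As written, only `auto-discovery-config.yaml` is kept out of the build context, and everything else in the directory (for example `bin` and `testbin`, which the new `.gitignore` lists) is sent to the Docker daemon. Adding `**` as the first pattern makes the file match its comment. The Dockerfile's explicit `COPY` lines limit what reaches the image either way, so the effect is on context size and on what local files leave the working tree during a build.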
diff --git a/auto-discovery/kubernetes/.gitignore b/auto-discovery/kubernetes/.gitignore
new file mode 100644
index 0000000000..687e89059e
--- /dev/null
+++ b/auto-discovery/kubernetes/.gitignore
@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin
+testbin/*
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+
+!vendor/**/zz_generated.*
+
+# editor and IDE paraphernalia
+.idea
+*.swp
+*.swo
+*~
diff --git a/auto-discovery/kubernetes/.helm-docs.gotmpl b/auto-discovery/kubernetes/.helm-docs.gotmpl
new file mode 100644
index 0000000000..0d8dc3eabd
--- /dev/null
+++ b/auto-discovery/kubernetes/.helm-docs.gotmpl
@@ -0,0 +1,131 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "secreCodeBox AutoDiscovery for Kubernetes"
+category: "core"
+type: "AutoDiscovery"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
+usecase: "secureCodeBox AutoDiscovery for Kubernetes discovers and starts scans for apps running in the cluster."
+---
+
+
+
+The secureCodeBox _AutoDiscovery_ is running on kubernetes (K8S) and is an optional component of the complete secureCodeBox stack.
+The Kubernetes AutoDiscovery needs to be deployed along side the secureCodeBox Operator. It monitors security relevant resources inside a K8S environment and automatically create scans to continuously monitor security aspects of the resources.
+
+
+
+The AutoDiscovery controller will automatically detect these new resources (services) and start secureCodeBox _scans_ for them:
+
+1. A ZAP Baseline Scan to detect basic web vulnerabilities in the service. (Using OWASP ZAP)
+2. (WIP) A image scan scanning for vulnerable libraries in the docker / container image of the deployment. (Using trivy)
+3. (WIP) A TLS Scan against the certificate of the ingress for the host. (Using SSLyze)
+
+The AutoDiscovery automatically tracks the lifecycle of the kubernetes resources and will automatically start new scans for new application versions.
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## Example
+
+
+
+
+
+This example deploys [JuiceShop](https://owasp.org/www-project-juice-shop/) to a new Kubernetes Namespace.
+(You can find the kubernetes manifests for the deployment [here](./demo/juice-shop.yaml))
+
+The AutoDiscovery will automatically pick up this new deployment and then starts a OWASP ZAP Scan against it.
+The scan created uses our `zap-advanced` ScanType by default, this can be changed with the `config.serviceAutoDiscovery.scanConfig.scanType` config on the autoDiscovery helm release.
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}
+{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}
+### In / Excluding Resources from the AutoDiscovery
+
+The AutoDiscovery allows different modes to determine if a resource is supposed to be scanned.
+These modes allow you to gradually roll out the AutoDiscovery in a cluster.
+This allows to roll it out in cluster without a "big bang" where the AutoDiscovery starts a scan for every app in the cluster which would likely exhaust the clusters compute resources.
+
+The three different modes are:
+
+1. `enabled-per-namespace` (default): [See section](#enabled-per-namespace-mode-default)
+2. `enabled-per-resource`: [See section](#enabled-per-resource-mode)
+3. `scan-all`: [See section](#scan-all-mode)
+
+#### Enabled per Namespace Mode (default)
+
+Enable this by setting `config.resourceInclusion.mode=enable-per-namespace`.
+
+This mode will start scans for resources in namespaces with the annotation `auto-discovery.securecodebox.io/enabled=true`.
+
+```bash
+# enable AutoDiscovery in namespace "juice-shop"
+kubectl annotate namespace juice-shop auto-discovery.securecodebox.io/enabled=true
+```
+
+If you want to exclude a certain resource in a otherwise AutoDiscovery enabled namespace, you can exclude it by annotating it with `auto-discovery.securecodebox.io/ignore=true`.
+
+```bash
+# disable AutoDiscovery for service "foobar"
+kubectl -n juice-shop annotate service foobar auto-discovery.securecodebox.io/ignore=true
+```
+
+#### Enabled per Resource Mode
+
+Enable this by setting `config.resourceInclusion.mode=enabled-per-resource`.
+
+This mode will start scans for every resources with the annotation `auto-discovery.securecodebox.io/enabled=true`.
+
+```bash
+# enable AutoDiscovery for service "juice-shop"
+kubectl -n juice-shop annotate service juice-shop auto-discovery.securecodebox.io/enabled=true
+```
+
+#### Scan All Mode
+
+Enable this by setting `config.resourceInclusion.mode=scan-all`.
+
+This mode will start scans for **every** resources in the cluster **unless** it has the annotation `auto-discovery.securecodebox.io/ignore=true`.
+
+> ⚠️ Using this setting in larger cluster will likely start a large number of scans in the cluster. This could block all available compute resource in your cluster and seriously affect your applications availability.
+
+```bash
+# *disable* AutoDiscovery for service "juice-shop"
+kubectl -n juice-shop annotate service juice-shop auto-discovery.securecodebox.io/ignore=true
+```
+
+{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+## Development
+
+### Run the AutoDiscovery locally
+
+To avoid having to build & deploy the AutoDiscovery every time you make a code change you can run it locally.
+It automatically connects to your current cluster configured in your kube config.
+
+```bash
+make run
+```
+
+### Running the tests
+
+```bash
+# execute the tests locally
+make test
+
+# view the test coverage
+go tool cover -html=cover.out
+```
+{{- end }}
\ No newline at end of file
diff --git a/auto-discovery/kubernetes/.helmignore b/auto-discovery/kubernetes/.helmignore
new file mode 100644
index 0000000000..099a1ad68d
--- /dev/null
+++ b/auto-discovery/kubernetes/.helmignore
@@ -0,0 +1,13 @@
+bin/
+config/
+controller/
+hack/
+demo/
+cloudbuild.yml
+Dockerfile
+go.mod
+go.sum
+main.go
+Makefile
+PROJECT
+auto-discovery-config.yaml
\ No newline at end of file
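Review bot: The ignore list names `controller/`, but the Dockerfile added in this commit copies the sources from `controllers/`, and `api/` and `pkg/` are not listed at all, so those Go source directories would be packaged into the Helm chart. Suggested entries are `controllers/`, `api/` and `pkg/`, plus `testbin/` and `cover.out` for the test artefacts the Makefile produces. Whether a `controller/` directory also exists cannot be seen from this page, so the existing line may simply be a typo.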
diff --git a/auto-discovery/kubernetes/Chart.yaml b/auto-discovery/kubernetes/Chart.yaml
new file mode 100644
index 0000000000..5958db6653
--- /dev/null
+++ b/auto-discovery/kubernetes/Chart.yaml
@@ -0,0 +1,48 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v2
+name: auto-discovery-kubernetes
+description: "Automatically creates secureCodeBox Scans for Resources found in the Kubernetes Cluster"
+
+type: application
+
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: 3.0.0-beta1
+kubeVersion: ">=v1.11.0-0"
+
+keywords:
+ - security
+ - secureCodeBox
+ - auto-discovery
+home: https://docs.securecodebox.io/docs/getting-started/installation
+icon: https://docs.securecodebox.io/img/Icon_Blue.svg
+sources:
+ - https://github.com/secureCodeBox/secureCodeBox
+maintainers:
+ - name: iteratec GmbH
+ email: secureCodeBox@iteratec.com
+
+# Artifacthub.io specific annotations
+# https://artifacthub.io/docs/topics/annotations/helm/
+annotations:
+ artifacthub.io/changes: |
+ - first initial introduction of the new secureCodeBox Autodiscovery
+ artifacthub.io/containsSecurityUpdates: "true"
+ artifacthub.io/images: |
+ - name: securecodebox-auto-discovery-kubernetes
+ image: docker.io/securecodebox/auto-discovery-kubernetes
+ artifacthub.io/license: Apache-2.0
+ artifacthub.io/links: |
+ - name: Documentation
+ url: https://docs.securecodebox.io/docs/getting-started/installation
+ - name: Homepage
+ url: https://www.securecodebox.io
+ - name: iteratec GmbH
+ url: https://www.iteratec.com
+ artifacthub.io/operator: "true"
+ artifacthub.io/operatorCapabilities: Seamless Upgrades
+ artifacthub.io/prerelease: "true"
+ artifacthub.io/recommendations: |
+ - url: https://artifacthub.io/packages/helm/seccurecodebox/operator
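Review bot: The `artifacthub.io/recommendations` URL on the last line spells the organisation `seccurecodebox` (double "c"), while the image and links above use `securecodebox`; if that is a typo, the recommendation points at a namespace the project may not control. `artifacthub.io/containsSecurityUpdates: "true"` also looks carried over from another chart, since `artifacthub.io/changes` describes this release as the first introduction of the component; `"false"` would be the accurate value for an initial release. Both should be confirmed against the published Artifact Hub repository name and the project's release conventions.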
diff --git a/auto-discovery/kubernetes/Dockerfile b/auto-discovery/kubernetes/Dockerfile
new file mode 100644
index 0000000000..7d1c7efd09
--- /dev/null
+++ b/auto-discovery/kubernetes/Dockerfile
@@ -0,0 +1,31 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# Build the manager binary
+FROM golang:1.15 as builder
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY main.go main.go
+COPY api/ api/
+COPY controllers/ controllers/
+COPY pkg/ pkg/
+
+# Build
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/manager .
+
+ENTRYPOINT ["/manager"]
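Review bot: Both `FROM` lines reference floating tags (`golang:1.15` and `gcr.io/distroless/static:nonroot`), so the toolchain and the runtime base can change between builds without any change in this repository. Pinning by digest, e.g. `FROM gcr.io/distroless/static:nonroot@sha256:<digest>`, makes the published image reproducible and turns base-image updates into reviewable commits. The builder's Go version is also fixed here independently of `env.GO_VERSION` used by the CI job, so lint/test and the shipped binary may be built with different toolchains; a comment such as `# Keep in sync with GO_VERSION in .github/workflows/ci.yaml` above the first `FROM` would flag that.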
diff --git a/auto-discovery/kubernetes/Makefile b/auto-discovery/kubernetes/Makefile
new file mode 100644
index 0000000000..f2cf76c7b8
--- /dev/null
+++ b/auto-discovery/kubernetes/Makefile
@@ -0,0 +1,117 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# Image URL to use all building/pushing image targets
+IMG ?= controller:latest
+# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
+CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
+
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+
+# Setting SHELL to bash allows bash commands to be executed by recipes.
+# This is a requirement for 'setup-envtest.sh' in the test target.
+# Options are set to exit when a recipe line exits non-zero or a piped command fails.
+SHELL = /usr/bin/env bash -o pipefail
+.SHELLFLAGS = -ec
+
+all: build
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+help: ## Display this help.
+ @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Development
+
+manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+ $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+
+generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+ $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+
+fmt: ## Run go fmt against code.
+ go fmt ./...
+
+vet: ## Run go vet against code.
+ go vet ./...
+
+ENVTEST_ASSETS_DIR=$(shell pwd)/testbin
+
+test-setup: manifests generate fmt vet ## Run tests.
+ mkdir -p ${ENVTEST_ASSETS_DIR}
+ test -f ${ENVTEST_ASSETS_DIR}/setup-envtest.sh || curl -sSLo ${ENVTEST_ASSETS_DIR}/setup-envtest.sh https://raw.githubusercontent.com/kubernetes-sigs/controller-runtime/v0.7.2/hack/setup-envtest.sh
+
+
+test: test-setup
+ source ${ENVTEST_ASSETS_DIR}/setup-envtest.sh; fetch_envtest_tools $(ENVTEST_ASSETS_DIR); setup_envtest_env $(ENVTEST_ASSETS_DIR); go test ./... -coverprofile cover.out
+ginkgo:
+ source ${ENVTEST_ASSETS_DIR}/setup-envtest.sh; fetch_envtest_tools $(ENVTEST_ASSETS_DIR); setup_envtest_env $(ENVTEST_ASSETS_DIR); ginkgo test ./... -coverprofile cover.out -v --progress
+
+##@ Build
+
+build: generate fmt vet ## Build manager binary.
+ go build -o bin/manager main.go
+
+run: manifests generate fmt vet ## Run a controller from your host.
+ go run ./main.go --config auto-discovery-config.yaml
+
+docker-build: test ## Build docker image with the manager.
+ docker build -t ${IMG} .
+
+docker-push: ## Push docker image with the manager.
+ docker push ${IMG}
+
+##@ Deployment
+
+install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+ $(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
+ $(KUSTOMIZE) build config/crd | kubectl delete -f -
+
+deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+ cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+ $(KUSTOMIZE) build config/default | kubectl apply -f -
+
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
+ $(KUSTOMIZE) build config/default | kubectl delete -f -
+
+
+CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
+controller-gen: ## Download controller-gen locally if necessary.
+ $(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.4.1)
+
+KUSTOMIZE = $(shell pwd)/bin/kustomize
+kustomize: ## Download kustomize locally if necessary.
+ $(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v3@v3.8.7)
+
+# go-get-tool will 'go get' any package $2 and install it to $1.
+PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
+define go-get-tool
+@[ -f $(1) ] || { \
+set -e ;\
+TMP_DIR=$$(mktemp -d) ;\
+cd $$TMP_DIR ;\
+go mod init tmp ;\
+echo "Downloading $(2)" ;\
+GOBIN=$(PROJECT_DIR)/bin go get $(2) ;\
+rm -rf $$TMP_DIR ;\
+}
+endef
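Review bot: `test-setup` downloads `setup-envtest.sh` with `curl -sSLo` and the `test` and `ginkgo` recipes then `source` it, with no integrity check and without `--fail`, so an HTTP error page or altered content would be executed by the shell. The URL is pinned to the `v0.7.2` tag, which is mutable; this commit already verifies a SHA-256 for the helm-docs download in `helm-docs.yaml`, and the same pattern fits here: `echo "<sha256-of-setup-envtest.sh>  ${ENVTEST_ASSETS_DIR}/setup-envtest.sh" | shasum -a 256 --check`. The `ginkgo` target has no `test-setup` prerequisite, so on a clean checkout it fails unless `make test` ran first. The `## Run tests.` help text sits on `test-setup` rather than on `test`, which has no help text of its own.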
diff --git a/auto-discovery/kubernetes/PROJECT b/auto-discovery/kubernetes/PROJECT
new file mode 100644
index 0000000000..5d00592604
--- /dev/null
+++ b/auto-discovery/kubernetes/PROJECT
@@ -0,0 +1,16 @@
+componentConfig: true
+domain: securecodebox.io
+layout:
+- go.kubebuilder.io/v3
+projectName: auto-discovery
+repo: github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes
+resources:
+- api:
+ crdVersion: v1
+ namespaced: true
+ domain: securecodebox.io
+ group: config
+ kind: AutoDiscoveryConfig
+ path: github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes/api/v1
+ version: v1
+version: "3"
diff --git a/auto-discovery/kubernetes/README.md b/auto-discovery/kubernetes/README.md
new file mode 100644
index 0000000000..4318d49d65
--- /dev/null
+++ b/auto-discovery/kubernetes/README.md
@@ -0,0 +1,190 @@
+---
+title: "secreCodeBox AutoDiscovery for Kubernetes"
+category: "core"
+type: "AutoDiscovery"
+state: "released"
+appVersion: ""
+usecase: "secureCodeBox AutoDiscovery for Kubernetes discovers and starts scans for apps running in the cluster."
+---
+
+
+
+The secureCodeBox _AutoDiscovery_ is running on kubernetes (K8S) and is an optional component of the complete secureCodeBox stack.
+The Kubernetes AutoDiscovery needs to be deployed along side the secureCodeBox Operator. It monitors security relevant resources inside a K8S environment and automatically create scans to continuously monitor security aspects of the resources.
+
+
+
+The AutoDiscovery controller will automatically detect these new resources (services) and start secureCodeBox _scans_ for them:
+
+1. A ZAP Baseline Scan to detect basic web vulnerabilities in the service. (Using OWASP ZAP)
+2. (WIP) A image scan scanning for vulnerable libraries in the docker / container image of the deployment. (Using trivy)
+3. (WIP) A TLS Scan against the certificate of the ingress for the host. (Using SSLyze)
+
+The AutoDiscovery automatically tracks the lifecycle of the kubernetes resources and will automatically start new scans for new application versions.
+
+
+
+
+
+
+
+
+
+
+
+
+
+## Example
+
+
+
+
+
+This example deploys [JuiceShop](https://owasp.org/www-project-juice-shop/) to a new Kubernetes Namespace.
+(You can find the kubernetes manifests for the deployment [here](./demo/juice-shop.yaml))
+
+The AutoDiscovery will automatically pick up this new deployment and then starts a OWASP ZAP Scan against it.
+The scan created uses our `zap-advanced` ScanType by default, this can be changed with the `config.serviceAutoDiscovery.scanConfig.scanType` config on the autoDiscovery helm release.
+
+## Deployment
+The auto-discovery-kubernetes chart can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install auto-discovery-kubernetes secureCodeBox/auto-discovery-kubernetes
+```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+### In / Excluding Resources from the AutoDiscovery
+
+The AutoDiscovery allows different modes to determine if a resource is supposed to be scanned.
+These modes allow you to gradually roll out the AutoDiscovery in a cluster.
+This allows to roll it out in cluster without a "big bang" where the AutoDiscovery starts a scan for every app in the cluster which would likely exhaust the clusters compute resources.
+
+The three different modes are:
+
+1. `enabled-per-namespace` (default): [See section](#enabled-per-namespace-mode-default)
+2. `enabled-per-resource`: [See section](#enabled-per-resource-mode)
+3. `scan-all`: [See section](#scan-all-mode)
+
+#### Enabled per Namespace Mode (default)
+
+Enable this by setting `config.resourceInclusion.mode=enable-per-namespace`.
+
+This mode will start scans for resources in namespaces with the annotation `auto-discovery.securecodebox.io/enabled=true`.
+
+```bash
+# enable AutoDiscovery in namespace "juice-shop"
+kubectl annotate namespace juice-shop auto-discovery.securecodebox.io/enabled=true
+```
+
+If you want to exclude a certain resource in a otherwise AutoDiscovery enabled namespace, you can exclude it by annotating it with `auto-discovery.securecodebox.io/ignore=true`.
+
+```bash
+# disable AutoDiscovery for service "foobar"
+kubectl -n juice-shop annotate service foobar auto-discovery.securecodebox.io/ignore=true
+```
+
+#### Enabled per Resource Mode
+
+Enable this by setting `config.resourceInclusion.mode=enabled-per-resource`.
+
+This mode will start scans for every resources with the annotation `auto-discovery.securecodebox.io/enabled=true`.
+
+```bash
+# enable AutoDiscovery for service "juice-shop"
+kubectl -n juice-shop annotate service juice-shop auto-discovery.securecodebox.io/enabled=true
+```
+
+#### Scan All Mode
+
+Enable this by setting `config.resourceInclusion.mode=scan-all`.
+
+This mode will start scans for **every** resources in the cluster **unless** it has the annotation `auto-discovery.securecodebox.io/ignore=true`.
+
+> ⚠️ Using this setting in larger cluster will likely start a large number of scans in the cluster. This could block all available compute resource in your cluster and seriously affect your applications availability.
+
+```bash
+# *disable* AutoDiscovery for service "juice-shop"
+kubectl -n juice-shop annotate service juice-shop auto-discovery.securecodebox.io/ignore=true
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| config.apiVersion | string | `"config.securecodebox.io/v1"` | |
+| config.cluster.name | string | `"docker-desktop"` | |
+| config.health.healthProbeBindAddress | string | `":8081"` | |
+| config.kind | string | `"AutoDiscoveryConfig"` | |
+| config.leaderElection.leaderElect | bool | `true` | |
+| config.leaderElection.resourceName | string | `"0e41a1f4.securecodebox.io"` | |
+| config.metrics.bindAddress | string | `"127.0.0.1:8080"` | |
+| config.resourceInclusion.mode | string | `"enabled-per-namespace"` | |
+| config.serviceAutoDiscovery.passiveReconcileInterval | string | `"1m"` | interval in which every service is re-checked for updated pods, if service object is updated directly this the service will get reconciled immediately |
+| config.serviceAutoDiscovery.scanConfig.annotations | object | `{"defectdojo.securecodebox.io/engagement-name":"{{ .Target.Name }}","defectdojo.securecodebox.io/engagement-version":"{{if (index .Target.Labels `app.kubernetes.io/version`) }}{{ index .Target.Labels `app.kubernetes.io/version` }}{{end}}","defectdojo.securecodebox.io/product-name":"{{ .Cluster.Name }} | {{ .Namespace.Name }} | {{ .Target.Name }}","defectdojo.securecodebox.io/product-tags":"cluster/{{ .Cluster.Name }},namespace/{{ .Namespace.Name }}"}` | annotations to be added to the scans started by the auto-discovery |
+| config.serviceAutoDiscovery.scanConfig.labels | object | `{}` | labels to be added to the scans started by the auto-discovery |
+| config.serviceAutoDiscovery.scanConfig.parameters | list | `["-t","{{ .Host.Type }}://{{ .Service.Name }}.{{ .Service.Namespace }}.svc:{{ .Host.Port }}"]` | parameters used for the scans created by the serviceAutoDiscovery |
+| config.serviceAutoDiscovery.scanConfig.repeatInterval | string | `"168h"` | interval in which scans are automatically repeated. If the target is updated (meaning a new image revision is deployed) the scan will repeated beforehand and the interval is reset. |
+| config.serviceAutoDiscovery.scanConfig.scanType | string | `"zap-advanced-scan"` | scanType used for the scans created by the serviceAutoDiscovery |
+| image.pullPolicy | string | `"Always"` | |
+| image.repository | string | `"securecodebox/auto-discovery-kubernetes"` | |
+| image.tag | string | `nil` | |
+| podSecurityContext | object | `{}` | Sets the securityContext on the operators pod level. See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container |
+| resources | object | `{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"100m","memory":"20Mi"}}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
+| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | Sets the securityContext on the operators container level. See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
+| securityContext.allowPrivilegeEscalation | bool | `false` | Ensure that users privileges cannot be escalated |
+| securityContext.capabilities.drop[0] | string | `"all"` | This drops all linux privileges from the operator container. They are not required |
+| securityContext.privileged | bool | `false` | Ensures that the operator container is not run in privileged mode |
+| securityContext.readOnlyRootFilesystem | bool | `true` | Prevents write access to the containers file system |
+| securityContext.runAsNonRoot | bool | `true` | Enforces that the Operator image is run as a non root user |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+## Development
+
+### Run the AutoDiscovery locally
+
+To avoid having to build & deploy the AutoDiscovery every time you make a code change you can run it locally.
+It automatically connects to your current cluster configured in your kube config.
+
+```bash
+make run
+```
+
+### Running the tests
+
+```bash
+# execute the tests locally
+make test
+
+# view the test coverage
+go tool cover -html=cover.out
+```
diff --git a/auto-discovery/kubernetes/api/v1/autodiscoveryconfig_types.go b/auto-discovery/kubernetes/api/v1/autodiscoveryconfig_types.go
new file mode 100644
index 0000000000..f1cb19f655
--- /dev/null
+++ b/auto-discovery/kubernetes/api/v1/autodiscoveryconfig_types.go
@@ -0,0 +1,68 @@
+/*
+Copyright 2021 iteratec GmbH.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ cfg "sigs.k8s.io/controller-runtime/pkg/config/v1alpha1"
+)
+
+//+kubebuilder:object:root=true
+type AutoDiscoveryConfig struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // ControllerManagerConfigurationSpec returns the contfigurations for controllers
+ cfg.ControllerManagerConfigurationSpec `json:",inline"`
+
+ Cluster ClusterConfig `json:"cluster"`
+ ResourceInclusion ResourceInclusionConfig `json:"resourceInclusion"`
+ ServiceAutoDiscoveryConfig ServiceAutoDiscoveryConfig `json:"serviceAutoDiscovery"`
+}
+
+type ServiceAutoDiscoveryConfig struct {
+ PassiveReconcileInterval metav1.Duration `json:"passiveReconcileInterval"`
+ ScanConfig ScanConfig `json:"scanConfig"`
+}
+
+type ClusterConfig struct {
+ Name string `json:"name"`
+}
+
+// ResourceInclusionMode Modes which can be used to trigger "ResourceInclusion" behavior which dictaes which resources are considered by the auto-discovery.
+type ResourceInclusionMode string
+
+const (
+ EnabledPerNamespace ResourceInclusionMode = "enabled-per-namespace"
+ EnabledPerResource ResourceInclusionMode = "enabled-per-resource"
+ All ResourceInclusionMode = "all"
+)
+
+type ResourceInclusionConfig struct {
+ Mode ResourceInclusionMode `json:"mode"`
+}
+
+type ScanConfig struct {
+ RepeatInterval metav1.Duration `json:"repeatInterval"`
+ Annotations map[string]string `json:"annotations"`
+ Labels map[string]string `json:"labels"`
+ ScanType string `json:"scanType"`
+ Parameters []string `json:"parameters"`
+}
+
+func init() {
+ SchemeBuilder.Register(&AutoDiscoveryConfig{})
+}
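Review bot: The `All` constant is declared as `"all"`, but the README added in this same commit documents the third mode as `scan-all` (and in one place spells the default `enable-per-namespace`), so a value copied from the docs would match none of the three constants. How an unrecognised mode is handled is not visible in this hunk. Because the mode decides which workloads get actively scanned, align the strings, e.g. `All ResourceInclusionMode = "scan-all"` (or correct the README), and reject unknown values when the config is loaded. The exported types also lack doc comments, for example `// ResourceInclusionConfig selects which resources the auto-discovery considers for scans.`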
diff --git a/auto-discovery/kubernetes/api/v1/groupversion_info.go b/auto-discovery/kubernetes/api/v1/groupversion_info.go
new file mode 100644
index 0000000000..5302096100
--- /dev/null
+++ b/auto-discovery/kubernetes/api/v1/groupversion_info.go
@@ -0,0 +1,36 @@
+/*
+Copyright 2021 iteratec GmbH.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1 contains API Schema definitions for the config v1 API group
+//+kubebuilder:object:generate=true
+//+groupName=config.securecodebox.io
+package v1
+
+import (
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+ // GroupVersion is group version used to register these objects
+ GroupVersion = schema.GroupVersion{Group: "config.securecodebox.io", Version: "v1"}
+
+ // SchemeBuilder is used to add go types to the GroupVersionKind scheme
+ SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+ // AddToScheme adds the types in this group-version to the given scheme.
+ AddToScheme = SchemeBuilder.AddToScheme
+)
diff --git a/auto-discovery/kubernetes/api/v1/zz_generated.deepcopy.go b/auto-discovery/kubernetes/api/v1/zz_generated.deepcopy.go
new file mode 100644
index 0000000000..04c3ebe81b
--- /dev/null
+++ b/auto-discovery/kubernetes/api/v1/zz_generated.deepcopy.go
@@ -0,0 +1,135 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright 2021 iteratec GmbH.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by controller-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AutoDiscoveryConfig) DeepCopyInto(out *AutoDiscoveryConfig) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ControllerManagerConfigurationSpec.DeepCopyInto(&out.ControllerManagerConfigurationSpec)
+ out.Cluster = in.Cluster
+ out.ResourceInclusion = in.ResourceInclusion
+ in.ServiceAutoDiscoveryConfig.DeepCopyInto(&out.ServiceAutoDiscoveryConfig)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutoDiscoveryConfig.
+func (in *AutoDiscoveryConfig) DeepCopy() *AutoDiscoveryConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(AutoDiscoveryConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *AutoDiscoveryConfig) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterConfig) DeepCopyInto(out *ClusterConfig) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterConfig.
+func (in *ClusterConfig) DeepCopy() *ClusterConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(ClusterConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ResourceInclusionConfig) DeepCopyInto(out *ResourceInclusionConfig) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceInclusionConfig.
+func (in *ResourceInclusionConfig) DeepCopy() *ResourceInclusionConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(ResourceInclusionConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ScanConfig) DeepCopyInto(out *ScanConfig) {
+ *out = *in
+ out.RepeatInterval = in.RepeatInterval
+ if in.Annotations != nil {
+ in, out := &in.Annotations, &out.Annotations
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.Labels != nil {
+ in, out := &in.Labels, &out.Labels
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.Parameters != nil {
+ in, out := &in.Parameters, &out.Parameters
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanConfig.
+func (in *ScanConfig) DeepCopy() *ScanConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(ScanConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ServiceAutoDiscoveryConfig) DeepCopyInto(out *ServiceAutoDiscoveryConfig) {
+ *out = *in
+ out.PassiveReconcileInterval = in.PassiveReconcileInterval
+ in.ScanConfig.DeepCopyInto(&out.ScanConfig)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAutoDiscoveryConfig.
+func (in *ServiceAutoDiscoveryConfig) DeepCopy() *ServiceAutoDiscoveryConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(ServiceAutoDiscoveryConfig)
+ in.DeepCopyInto(out)
+ return out
+}
diff --git a/auto-discovery/kubernetes/auto-discovery-config.yaml b/auto-discovery/kubernetes/auto-discovery-config.yaml
new file mode 100644
index 0000000000..a139eb4c6a
--- /dev/null
+++ b/auto-discovery/kubernetes/auto-discovery-config.yaml
@@ -0,0 +1,44 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# This is a config you can use to run / test / debug the auto-discovery locally while developing
+
+apiVersion: config.securecodebox.io/v1
+kind: AutoDiscoveryConfig
+
+# kubebuilder config
+
+metrics:
+ bindAddress: 127.0.0.1:8081
+# webhook:
+# port: 9443
+leaderElection:
+ leaderElect: false
+ resourceName: 80807133.tutorial.kubebuilder.io
+
+# secureCodeBox AutoDiscovery Config
+cluster:
+ name: docker-desktop
+
+resourceInclusion:
+ mode: enabled-per-namespace
+
+serviceAutoDiscovery:
+ passiveReconcileInterval: 10s
+ scanConfig:
+ scanType: zap-advanced-scan
+ # -- parameters used for the scans created by the serviceAutoDiscovery
+ parameters:
+ - "-t"
+ - "{{ .Host.Type }}://{{ .Service.Name }}.{{ .Service.Namespace }}.svc:{{ .Host.Port }}"
+ # -- interval in which scans are automatically repeated. If the target is updated (meaning a new image revision is deployed) the scan will repeated beforehand and the interval is reset.
+ repeatInterval: "168h"
+ # -- labels to be added to the scans started by the auto-discovery
+ labels: {}
+ # -- annotations to be added to the scans started by the auto-discovery
+ annotations:
+ defectdojo.securecodebox.io/product-name: "{{ .Cluster.Name }} | {{ .Namespace.Name }} | {{ .Target.Name }}"
+ defectdojo.securecodebox.io/product-tags: "cluster/{{ .Cluster.Name }},namespace/{{ .Namespace.Name }}"
+ defectdojo.securecodebox.io/engagement-name: "{{ .Target.Name }}"
+ defectdojo.securecodebox.io/engagement-version: "{{if (index .Target.Labels `app.kubernetes.io/version`) }}{{ index .Target.Labels `app.kubernetes.io/version` }}{{end}}"
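Review bot: `resourceName: 80807133.tutorial.kubebuilder.io` looks like a leftover from the kubebuilder tutorial and differs from the `0e41a1f4.securecodebox.io` lease name used in `config/manager/controller_manager_config.yaml`. It is harmless while `leaderElect: false`, but worth aligning so that enabling leader election locally does not create a second, unrelated lease. This file also binds metrics to `127.0.0.1:8081`, the port the deployed config uses for health probes; if that is intentional, a short comment such as `# local run: metrics on 8081, health probes disabled` would make it explicit.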
diff --git a/auto-discovery/kubernetes/auto-discovery-demo.svg b/auto-discovery/kubernetes/auto-discovery-demo.svg
new file mode 100644
index 0000000000..c8ff7fc25d
--- /dev/null
+++ b/auto-discovery/kubernetes/auto-discovery-demo.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/auto-discovery/kubernetes/auto-discovery-demo.svg.license b/auto-discovery/kubernetes/auto-discovery-demo.svg.license
new file mode 100644
index 0000000000..7446c9b19d
--- /dev/null
+++ b/auto-discovery/kubernetes/auto-discovery-demo.svg.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2021 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/auto-discovery/kubernetes/config/crd/kustomization.yaml b/auto-discovery/kubernetes/config/crd/kustomization.yaml
new file mode 100644
index 0000000000..eab9f3e076
--- /dev/null
+++ b/auto-discovery/kubernetes/config/crd/kustomization.yaml
@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/config.securecodebox.io_autodiscoveryconfigs.yaml
+#+kubebuilder:scaffold:crdkustomizeresource
+
+patchesStrategicMerge:
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
+# patches here are for enabling the conversion webhook for each CRD
+#- patches/webhook_in_autodiscoveryconfigs.yaml
+#+kubebuilder:scaffold:crdkustomizewebhookpatch
+
+# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
+# patches here are for enabling the CA injection for each CRD
+#- patches/cainjection_in_autodiscoveryconfigs.yaml
+#+kubebuilder:scaffold:crdkustomizecainjectionpatch
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+- kustomizeconfig.yaml
diff --git a/auto-discovery/kubernetes/config/crd/kustomizeconfig.yaml b/auto-discovery/kubernetes/config/crd/kustomizeconfig.yaml
new file mode 100644
index 0000000000..23e613849a
--- /dev/null
+++ b/auto-discovery/kubernetes/config/crd/kustomizeconfig.yaml
@@ -0,0 +1,23 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+ version: v1
+ fieldSpecs:
+ - kind: CustomResourceDefinition
+ version: v1
+ group: apiextensions.k8s.io
+ path: spec/conversion/webhook/clientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+ version: v1
+ group: apiextensions.k8s.io
+ path: spec/conversion/webhook/clientConfig/service/namespace
+ create: false
+
+varReference:
+- path: metadata/annotations
diff --git a/auto-discovery/kubernetes/config/crd/patches/cainjection_in_autodiscoveryconfigs.yaml b/auto-discovery/kubernetes/config/crd/patches/cainjection_in_autodiscoveryconfigs.yaml
new file mode 100644
index 0000000000..eb3a7b2f4c
--- /dev/null
+++ b/auto-discovery/kubernetes/config/crd/patches/cainjection_in_autodiscoveryconfigs.yaml
@@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: autodiscoveryconfigs.config.securecodebox.io
diff --git a/auto-discovery/kubernetes/config/crd/patches/webhook_in_autodiscoveryconfigs.yaml b/auto-discovery/kubernetes/config/crd/patches/webhook_in_autodiscoveryconfigs.yaml
new file mode 100644
index 0000000000..193f1166c0
--- /dev/null
+++ b/auto-discovery/kubernetes/config/crd/patches/webhook_in_autodiscoveryconfigs.yaml
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: autodiscoveryconfigs.config.securecodebox.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
diff --git a/auto-discovery/kubernetes/config/default/kustomization.yaml b/auto-discovery/kubernetes/config/default/kustomization.yaml
new file mode 100644
index 0000000000..fb6c967b94
--- /dev/null
+++ b/auto-discovery/kubernetes/config/default/kustomization.yaml
@@ -0,0 +1,78 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# Adds namespace to all resources.
+namespace: auto-discovery-system
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: auto-discovery-
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+# someName: someValue
+
+bases:
+- ../crd
+- ../rbac
+- ../manager
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+#- ../webhook
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
+#- ../certmanager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+patchesStrategicMerge:
+# Protect the /metrics endpoint by putting it behind auth.
+# If you want your controller-manager to expose the /metrics
+# endpoint w/o any authn/z, please comment the following line.
+- manager_auth_proxy_patch.yaml
+
+# Mount the controller config file for loading manager configurations
+# through a ComponentConfig type
+- manager_config_patch.yaml
+
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+#- manager_webhook_patch.yaml
+
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
+# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
+# 'CERTMANAGER' needs to be enabled to use ca injection
+#- webhookcainjection_patch.yaml
+
+# the following config is for teaching kustomize how to do var substitution
+vars:
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
+#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+# objref:
+# kind: Certificate
+# group: cert-manager.io
+# version: v1
+# name: serving-cert # this name should match the one in certificate.yaml
+# fieldref:
+# fieldpath: metadata.namespace
+#- name: CERTIFICATE_NAME
+# objref:
+# kind: Certificate
+# group: cert-manager.io
+# version: v1
+# name: serving-cert # this name should match the one in certificate.yaml
+#- name: SERVICE_NAMESPACE # namespace of the service
+# objref:
+# kind: Service
+# version: v1
+# name: webhook-service
+# fieldref:
+# fieldpath: metadata.namespace
+#- name: SERVICE_NAME
+# objref:
+# kind: Service
+# version: v1
+# name: webhook-service
diff --git a/auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml b/auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml
new file mode 100644
index 0000000000..51a6efa2ed
--- /dev/null
+++ b/auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml
@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: kube-rbac-proxy
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
+ args:
+ - "--secure-listen-address=0.0.0.0:8443"
+ - "--upstream=http://127.0.0.1:8080/"
+ - "--logtostderr=true"
+ - "--v=10"
+ ports:
+ - containerPort: 8443
+ name: https
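Review bot: `--v=10` on the kube-rbac-proxy sidecar is a very high log verbosity and is likely to write per-request detail for every metrics scrape into the pod log. Since this proxy handles bearer-token-authenticated requests, lower it outside of debugging, e.g. `- "--v=0"`. The image is referenced by a mutable tag; pinning it by digest would make the deployed sidecar reproducible, e.g. `image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0@sha256:<digest-placeholder>`. The sidecar also gets no `securityContext` or `resources` of its own in this patch.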
diff --git a/auto-discovery/kubernetes/config/default/manager_config_patch.yaml b/auto-discovery/kubernetes/config/default/manager_config_patch.yaml
new file mode 100644
index 0000000000..e3dafe9b29
--- /dev/null
+++ b/auto-discovery/kubernetes/config/default/manager_config_patch.yaml
@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ args:
+ - "--config=controller_manager_config.yaml"
+ volumeMounts:
+ - name: manager-config
+ mountPath: /controller_manager_config.yaml
+ subPath: controller_manager_config.yaml
+ volumes:
+ - name: manager-config
+ configMap:
+ name: manager-config
diff --git a/auto-discovery/kubernetes/config/manager/controller_manager_config.yaml b/auto-discovery/kubernetes/config/manager/controller_manager_config.yaml
new file mode 100644
index 0000000000..6f2338f353
--- /dev/null
+++ b/auto-discovery/kubernetes/config/manager/controller_manager_config.yaml
@@ -0,0 +1,15 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+kind: ControllerManagerConfig
+health:
+ healthProbeBindAddress: :8081
+metrics:
+ bindAddress: 127.0.0.1:8080
+webhook:
+ port: 9443
+leaderElection:
+ leaderElect: true
+ resourceName: 0e41a1f4.securecodebox.io
diff --git a/auto-discovery/kubernetes/config/manager/kustomization.yaml b/auto-discovery/kubernetes/config/manager/kustomization.yaml
new file mode 100644
index 0000000000..b296967ef4
--- /dev/null
+++ b/auto-discovery/kubernetes/config/manager/kustomization.yaml
@@ -0,0 +1,14 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+resources:
+- manager.yaml
+
+generatorOptions:
+ disableNameSuffixHash: true
+
+configMapGenerator:
+- name: manager-config
+ files:
+ - controller_manager_config.yaml
diff --git a/auto-discovery/kubernetes/config/manager/manager.yaml b/auto-discovery/kubernetes/config/manager/manager.yaml
new file mode 100644
index 0000000000..386222501a
--- /dev/null
+++ b/auto-discovery/kubernetes/config/manager/manager.yaml
@@ -0,0 +1,58 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+ labels:
+ control-plane: controller-manager
+spec:
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ containers:
+ - command:
+ - /manager
+ image: controller:latest
+ name: manager
+ securityContext:
+ allowPrivilegeEscalation: false
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 100m
+ memory: 30Mi
+ requests:
+ cpu: 100m
+ memory: 20Mi
+ serviceAccountName: controller-manager
+ terminationGracePeriodSeconds: 10
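Review bot: The manager container's `securityContext` only sets `allowPrivilegeEscalation: false`, while the Helm values documented in this commit's README also drop all capabilities, set `privileged: false` and set `readOnlyRootFilesystem: true`. A cluster deployed through `make deploy` therefore runs the controller with a weaker container hardening than the chart. Bringing the kustomize manifest in line with the chart defaults keeps both install paths equivalent. The 30Mi memory limit also differs from the chart's documented 100Mi and may be worth aligning.

```yaml
        # … unchanged: command, image, name …
        securityContext:
          allowPrivilegeEscalation: false
          privileged: false
          readOnlyRootFilesystem: true
          capabilities:
            drop:
              - all
        # … unchanged: probes, resources …
```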
diff --git a/auto-discovery/kubernetes/config/prometheus/kustomization.yaml b/auto-discovery/kubernetes/config/prometheus/kustomization.yaml
new file mode 100644
index 0000000000..0452bd0d6a
--- /dev/null
+++ b/auto-discovery/kubernetes/config/prometheus/kustomization.yaml
@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+resources:
+- monitor.yaml
diff --git a/auto-discovery/kubernetes/config/prometheus/monitor.yaml b/auto-discovery/kubernetes/config/prometheus/monitor.yaml
new file mode 100644
index 0000000000..bb9d670dd5
--- /dev/null
+++ b/auto-discovery/kubernetes/config/prometheus/monitor.yaml
@@ -0,0 +1,23 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-monitor
+ namespace: system
+spec:
+ endpoints:
+ - path: /metrics
+ port: https
+ scheme: https
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ tlsConfig:
+ insecureSkipVerify: true
+ selector:
+ matchLabels:
+ control-plane: controller-manager
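Review bot: The endpoint combines `bearerTokenFile` with `insecureSkipVerify: true`, so Prometheus sends its service account token to whatever answers on the `https` port without checking the certificate. Anything able to receive that connection in place of the metrics service gets a usable token. Prefer serving the metrics endpoint with a certificate Prometheus can verify and replacing the flag with `ca` and `serverName` under `tlsConfig`. If the self-signed setup is kept for now, add a comment above `tlsConfig` saying why verification is off and that the setting is not meant for production clusters.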
diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml
new file mode 100644
index 0000000000..933af62d44
--- /dev/null
+++ b/auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -0,0 +1,13 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: metrics-reader
+rules:
+- nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml
new file mode 100644
index 0000000000..ed231f3b81
--- /dev/null
+++ b/auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml
@@ -0,0 +1,21 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml
new file mode 100644
index 0000000000..3386da74ea
--- /dev/null
+++ b/auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml
@@ -0,0 +1,16 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: proxy-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml
new file mode 100644
index 0000000000..79f10f6c75
--- /dev/null
+++ b/auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-service
+ namespace: system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ targetPort: https
+ selector:
+ control-plane: controller-manager
diff --git a/auto-discovery/kubernetes/config/rbac/autodiscoveryconfig_editor_role.yaml b/auto-discovery/kubernetes/config/rbac/autodiscoveryconfig_editor_role.yaml
new file mode 100644
index 0000000000..85af7c6530
--- /dev/null
+++ b/auto-discovery/kubernetes/config/rbac/autodiscoveryconfig_editor_role.yaml
@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# permissions for end users to edit autodiscoveryconfigs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: autodiscoveryconfig-editor-role
+rules:
+- apiGroups:
+ - config.securecodebox.io
+ resources:
+ - autodiscoveryconfigs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - config.securecodebox.io
+ resources:
+ - autodiscoveryconfigs/status
+ verbs:
+ - get
diff --git a/auto-discovery/kubernetes/config/rbac/autodiscoveryconfig_viewer_role.yaml b/auto-discovery/kubernetes/config/rbac/autodiscoveryconfig_viewer_role.yaml
new file mode 100644
index 0000000000..443b943de9
--- /dev/null
+++ b/auto-discovery/kubernetes/config/rbac/autodiscoveryconfig_viewer_role.yaml
@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# permissions for end users to view autodiscoveryconfigs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: autodiscoveryconfig-viewer-role
+rules:
+- apiGroups:
+ - config.securecodebox.io
+ resources:
+ - autodiscoveryconfigs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - config.securecodebox.io
+ resources:
+ - autodiscoveryconfigs/status
+ verbs:
+ - get
diff --git a/auto-discovery/kubernetes/config/rbac/kustomization.yaml b/auto-discovery/kubernetes/config/rbac/kustomization.yaml
new file mode 100644
index 0000000000..d38fe75202
--- /dev/null
+++ b/auto-discovery/kubernetes/config/rbac/kustomization.yaml
@@ -0,0 +1,22 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# Comment the following 4 lines if you want to disable
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+# which protects your /metrics endpoint.
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
+- auth_proxy_client_clusterrole.yaml
diff --git a/auto-discovery/kubernetes/config/rbac/leader_election_role.yaml b/auto-discovery/kubernetes/config/rbac/leader_election_role.yaml
new file mode 100644
index 0000000000..623e43d5f9
--- /dev/null
+++ b/auto-discovery/kubernetes/config/rbac/leader_election_role.yaml
@@ -0,0 +1,41 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
diff --git a/auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml b/auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml
new file mode 100644
index 0000000000..de18d8a791
--- /dev/null
+++ b/auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,16 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
diff --git a/auto-discovery/kubernetes/config/rbac/role.yaml b/auto-discovery/kubernetes/config/rbac/role.yaml
new file mode 100644
index 0000000000..33693ed330
--- /dev/null
+++ b/auto-discovery/kubernetes/config/rbac/role.yaml
@@ -0,0 +1,74 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods/status
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services/status
+ verbs:
+ - get
+- apiGroups:
+ - execution.securecodebox.io
+ resources:
+ - scantypes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - execution.securecodebox.io
+ resources:
+ - scheduledscans
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - execution.securecodebox.io/status
+ resources:
+ - scheduledscans
+ verbs:
+ - get
+ - patch
+ - update
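Review bot: The last rule puts the subresource in the API group rather than the resource: `execution.securecodebox.io/status` under `apiGroups` with `scheduledscans` under `resources` never matches a request, so the rule grants nothing. The subresource belongs in the resource name, i.e. `- execution.securecodebox.io` under `apiGroups` and `- scheduledscans/status` under `resources`. The file looks generated from the `+kubebuilder:rbac` markers in service_scan_controller.go, so the fix goes in the marker, `groups="execution.securecodebox.io",resources=scheduledscans/status,verbs=get;update;patch`, followed by regenerating the manifest. If the ScheduledScan CRD enables the status subresource, the controller's `r.Status().Update` call would otherwise be rejected as forbidden.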
diff --git a/auto-discovery/kubernetes/config/rbac/role_binding.yaml b/auto-discovery/kubernetes/config/rbac/role_binding.yaml
new file mode 100644
index 0000000000..10872f334f
--- /dev/null
+++ b/auto-discovery/kubernetes/config/rbac/role_binding.yaml
@@ -0,0 +1,16 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: manager-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
diff --git a/auto-discovery/kubernetes/config/rbac/service_account.yaml b/auto-discovery/kubernetes/config/rbac/service_account.yaml
new file mode 100644
index 0000000000..d1e0c748fd
--- /dev/null
+++ b/auto-discovery/kubernetes/config/rbac/service_account.yaml
@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: controller-manager
+ namespace: system
diff --git a/auto-discovery/kubernetes/config/samples/config_v2_autodiscoveryconfig.yaml b/auto-discovery/kubernetes/config/samples/config_v2_autodiscoveryconfig.yaml
new file mode 100644
index 0000000000..fc44b03c00
--- /dev/null
+++ b/auto-discovery/kubernetes/config/samples/config_v2_autodiscoveryconfig.yaml
@@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: config.securecodebox.io/v2
+kind: AutoDiscoveryConfig
+metadata:
+ name: autodiscoveryconfig-sample
+spec:
+ # Add fields here
+ foo: bar
diff --git a/auto-discovery/kubernetes/controllers/service_scan_controller.go b/auto-discovery/kubernetes/controllers/service_scan_controller.go
new file mode 100644
index 0000000000..6c8ceafc43
--- /dev/null
+++ b/auto-discovery/kubernetes/controllers/service_scan_controller.go
@@ -0,0 +1,464 @@
+/*
+Copyright 2021 iteratec GmbH.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+ "bytes"
+ "context"
+ "fmt"
+ "regexp"
+ "strings"
+ "text/template"
+ "time"
+
+ "github.com/Masterminds/sprig"
+ "github.com/go-logr/logr"
+ configv1 "github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes/api/v1"
+ "github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes/pkg/util"
+ executionv1 "github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1"
+
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/types"
+ "k8s.io/client-go/tools/record"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// ServiceScanReconciler reconciles a Service object
+type ServiceScanReconciler struct {
+ client.Client
+ Log logr.Logger
+ Scheme *runtime.Scheme
+ Recorder record.EventRecorder
+ Config configv1.AutoDiscoveryConfig
+}
+
+const requeueInterval = 5 * time.Second
+
+// +kubebuilder:rbac:groups="execution.securecodebox.io",resources=scantypes,verbs=get;list;watch
+// +kubebuilder:rbac:groups="execution.securecodebox.io",resources=scheduledscans,verbs=get;list;watch;create;update;patch
+// +kubebuilder:rbac:groups="execution.securecodebox.io/status",resources=scheduledscans,verbs=get;update;patch
+// +kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch
+// +kubebuilder:rbac:groups="",resources=services/status,verbs=get
+// +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch
+// +kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch
+// +kubebuilder:rbac:groups="",resources=pods/status,verbs=get
+
+// Reconcile compares the Service object against the state of the cluster and updates both if needed
+func (r *ServiceScanReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+ log := r.Log
+
+ log.V(8).Info("Something happened to a service", "service", req.Name, "namespace", req.Namespace)
+
+ // fetch service
+ var service corev1.Service
+ if err := r.Get(ctx, req.NamespacedName, &service); err != nil {
+ log.V(7).Info("Unable to fetch Service", "service", service.Name, "namespace", service.Namespace)
+ return ctrl.Result{}, client.IgnoreNotFound(err)
+ }
+
+ // fetch namespace
+ var namespace corev1.Namespace
+ if err := r.Get(ctx, types.NamespacedName{Name: service.Namespace, Namespace: ""}, &namespace); err != nil {
+ log.V(7).Info("Unable to fetch namespace for service", "service", service.Name, "namespace", service.Namespace)
+ return ctrl.Result{}, client.IgnoreNotFound(err)
+ }
+
+ log.V(8).Info("Got Service", "service", service.Name, "namespace", service.Namespace, "resourceVersion", service.ResourceVersion)
+
+ // Checking if the service got likely something to do with http...
+ if len(getLikelyHTTPPorts(service)) == 0 {
+ log.V(6).Info("Services doesn't seem to have a http / https port", "service", service.Name, "namespace", service.Namespace)
+ // No port which has likely to do anything with http. No need to schedule a requeue until the service gets updated
+ return ctrl.Result{}, nil
+ }
+
+ // get pods matching service label selector
+ var pods corev1.PodList
+ r.List(ctx, &pods, client.MatchingLabels(service.Spec.Selector), client.InNamespace(service.Namespace))
+
+ // Ensure that pods for the service are in the same version so that the scan scans the correct version
+ podDigests := gatherPodDigests(&pods)
+ if !containerDigestsAllMatch(podDigests) {
+ // Pods for Service don't all have the same digest.
+ // Probably currently updating. Checking again in a few seconds.
+ log.V(6).Info("Services Pods Digests don't all match. Deployment is probably currently under way. Waiting for it to finish.", "service", service.Name, "namespace", service.Namespace)
+ return ctrl.Result{
+ Requeue: true,
+ RequeueAfter: requeueInterval,
+ }, nil
+ }
+
+ // Ensure that at least one pod of the service is ready
+ if !serviceHasReadyPods(pods) {
+ log.V(6).Info("Service doesn't have any ready pods. Waiting", "service", service.Name, "namespace", service.Namespace)
+ return ctrl.Result{
+ Requeue: true,
+ RequeueAfter: requeueInterval,
+ }, nil
+ }
+
+ for _, host := range getHostPorts(service) {
+ // Checking if we already have run a scan against this version
+ var scans executionv1.ScheduledScanList
+
+ // construct a map of labels which can be used to lookup the scheduledScan created for this service
+ versionedLabels := map[string]string{
+ "auto-discovery.securecodebox.io/target-service": service.Name,
+ "auto-discovery.securecodebox.io/target-port": fmt.Sprintf("%d", host.Port),
+ }
+ for containerName, podDigest := range podDigests {
+ // The map should only contain one entry at this point. As the reconciler breaks (see containerDigestsAllMatch) if the services points to a list pods with different digests per container name
+ for digest := range podDigest {
+ versionedLabels[fmt.Sprintf("digest.auto-discovery.securecodebox.io/%s", containerName)] = digest[0:min(len(digest), 63)]
+ break
+ }
+ }
+
+ r.Client.List(ctx, &scans, client.MatchingLabels(versionedLabels), client.InNamespace(service.Namespace))
+ log.V(8).Info("Got ScheduledScans for Service in the exact same version", "scheduledScans", len(scans.Items), "service", service.Name, "namespace", service.Namespace)
+
+ if len(scans.Items) != 0 {
+ log.V(8).Info("Service Version was already scanned. Skipping.", "service", service.Name, "namespace", service.Namespace)
+ continue
+ }
+
+ var previousScan executionv1.ScheduledScan
+ err := r.Client.Get(ctx, types.NamespacedName{Name: fmt.Sprintf("%s-service-port-%d", service.Name, host.Port), Namespace: service.Namespace}, &previousScan)
+
+ if apierrors.IsNotFound(err) {
+ // service was never scanned
+ log.Info("Discovered new unscanned service, scanning it now", "service", service.Name, "namespace", service.Namespace)
+
+ // No scan for this pod digest yet. Scanning now
+ scan := executionv1.ScheduledScan{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fmt.Sprintf("%s-service-port-%d", service.Name, host.Port),
+ Namespace: service.Namespace,
+ Labels: versionedLabels,
+ Annotations: generateScanAnnotations(r.Config.ServiceAutoDiscoveryConfig.ScanConfig, r.Config.Cluster, service, namespace),
+ },
+ Spec: generateScanSpec(r.Config, r.Config.ServiceAutoDiscoveryConfig.ScanConfig, host, service, namespace),
+ }
+
+ scanTypeName := r.Config.ServiceAutoDiscoveryConfig.ScanConfig.ScanType
+ scanType := executionv1.ScanType{}
+
+ // Ensure ScanType actually exists
+ err := r.Get(ctx, types.NamespacedName{Name: scanTypeName, Namespace: service.Namespace}, &scanType)
+ if errors.IsNotFound(err) {
+ log.Info("Namespace requires ScanType '"+scanTypeName+"' to properly start automatic scans.", "namespace", service.Namespace, "service", service.Name)
+ // Add event to service to communicate failure to user
+ r.Recorder.Event(&service, "Warning", "ScanTypeMissing", "Namespace requires ScanType '"+scanTypeName+"' to properly start automatic scans.")
+
+ // Requeue to allow scan to be created when the user installs the scanType
+ return ctrl.Result{
+ Requeue: true,
+ RequeueAfter: r.Config.ServiceAutoDiscoveryConfig.PassiveReconcileInterval.Duration,
+ }, nil
+ } else if err != nil {
+ return ctrl.Result{
+ Requeue: true,
+ RequeueAfter: requeueInterval,
+ }, err
+ }
+
+ err = r.Create(ctx, &scan)
+ if err != nil {
+ log.Error(err, "Failed to create ScheduledScan", "service", service.Name)
+ }
+ } else if err != nil {
+ log.Error(err, "Failed to lookup ScheduledScan", "service", service.Name, "namespace", service.Namespace)
+ } else {
+ // Service was scanned before, but for a different version
+ log.Info("Previously scanned service was updated. Repeating scan now.", "service", service.Name, "scheduledScan", previousScan.Name, "namespace", service.Namespace)
+
+ previousScan.ObjectMeta.Labels = versionedLabels
+ previousScan.ObjectMeta.Annotations = generateScanAnnotations(r.Config.ServiceAutoDiscoveryConfig.ScanConfig, r.Config.Cluster, service, namespace)
+ previousScan.Spec = generateScanSpec(r.Config, r.Config.ServiceAutoDiscoveryConfig.ScanConfig, host, service, namespace)
+
+ log.V(8).Info("Updating previousScan Spec")
+ err := r.Update(ctx, &previousScan)
+ if err != nil {
+ log.Error(err, "Failed to update ScheduledScan", "service", service.Name, "namespace", service.Namespace)
+ return ctrl.Result{
+ Requeue: true,
+ }, err
+ }
+ // create a new faked lastScheduledTime in the past to force the scheduledScan to be repeated immediately
+ // past timestamp is calculated by subtracting the repeat Interval and 24 hours to ensure that it will work even when the auto-discovery and scheduledScan controller have a clock skew
+ fakedLastSchedule := metav1.Time{Time: time.Now().Add(-r.Config.ServiceAutoDiscoveryConfig.ScanConfig.RepeatInterval.Duration - 24*time.Hour)}
+ log.V(8).Info("Setting LastScheduledTime to the past to rescan it now", "PreviousLastScheduleTime", previousScan.Status.LastScheduleTime, "NewLastScheduleTime", fakedLastSchedule)
+ previousScan.Status.LastScheduleTime = &fakedLastSchedule
+ r.Status().Update(ctx, &previousScan)
+ if err != nil {
+ log.Error(err, "Failed to create ScheduledScan", "service", service.Name)
+ return ctrl.Result{
+ Requeue: true,
+ }, err
+ }
+ }
+ }
+
+ return ctrl.Result{
+ Requeue: true,
+ RequeueAfter: r.Config.ServiceAutoDiscoveryConfig.PassiveReconcileInterval.Duration,
+ }, nil
+}
+
+type HostPort struct {
+ Type string
+ Port int32
+}
+
+func getHostPorts(service corev1.Service) []HostPort {
+ servicePorts := getLikelyHTTPPorts(service)
+
+ httpIshPorts := []HostPort{}
+
+ for _, port := range servicePorts {
+ if port.Port == 443 || port.Port == 8443 || port.Name == "https" {
+ httpIshPorts = append(httpIshPorts, HostPort{
+ Port: port.Port,
+ Type: "https",
+ })
+ } else {
+ httpIshPorts = append(httpIshPorts, HostPort{
+ Port: port.Port,
+ Type: "http",
+ })
+ }
+ }
+
+ return httpIshPorts
+}
+
+func getLikelyHTTPPorts(service corev1.Service) []corev1.ServicePort {
+ httpIshPorts := []corev1.ServicePort{}
+
+ for _, port := range service.Spec.Ports {
+ if port.Port == 80 ||
+ port.Port == 8080 ||
+ port.Port == 443 ||
+ port.Port == 8443 ||
+ // Node.js
+ port.Port == 3000 ||
+ // Flask
+ port.Port == 5000 ||
+ // Django
+ port.Port == 8000 ||
+ // Named Ports
+ port.Name == "http" ||
+ port.Name == "https" {
+ httpIshPorts = append(httpIshPorts, port)
+ }
+ }
+
+ return httpIshPorts
+}
+
+func min(x, y int) int {
+ if x < y {
+ return x
+ }
+ return y
+}
+
+func getShaHashesForPod(pod corev1.Pod) map[string]string {
+ if len(pod.Status.ContainerStatuses) == 0 {
+ return nil
+ }
+
+ hashes := map[string]string{}
+
+ for _, containerStatus := range pod.Status.ContainerStatuses {
+ if containerStatus.ImageID == "" {
+ continue
+ }
+
+ var fullImageName string
+ if strings.HasPrefix(containerStatus.ImageID, "docker-pullable://") {
+ // Extract the fullImageName from the following format "docker-pullable://scbexperimental/parser-nmap@sha256:f953..."
+ fullImageName = containerStatus.ImageID[18:]
+ } else {
+ continue
+ }
+
+ imageSegments := strings.Split(fullImageName, "@")
+ prefixedDigest := imageSegments[1]
+
+ var truncatedDigest string
+ if strings.HasPrefix(prefixedDigest, "sha256:") {
+ // Only keep actual digest
+ // Example from "sha256:f953bc6c5446c20ace8787a1956c2e46a2556cc7a37ef7fc0dda7b11dd87f73d"
+ // What is kept: "f953bc6c5446c20ace8787a1956c2e46a2556cc7a37ef7fc0dda7b11dd87f73d"
+ truncatedDigest = prefixedDigest[7:71]
+ hashes[containerStatus.Name] = truncatedDigest
+ }
+ }
+
+ return hashes
+}
+
+// Takes a list of pods and returns a two tiered map to lookup pod digests per container
+// The map returned look like this:
+// {
+// // container name
+// container1: {
+// // digest
+// ab2dkbsjdha3kshdasjdbalsjdbaljsbd: true
+// iuzaksbd2kabsdk4abksdbaksjbdak12a: true
+// },
+// container2: {
+// // digest
+// sjdha3kshdasjdbalsjdbaljsbdab2dkb: true
+// d2kabsdk4abksdbaksjbdak12aiuzaksb: true
+// },
+// }
+func gatherPodDigests(pods *corev1.PodList) map[string]map[string]bool {
+ podDigests := map[string]map[string]bool{}
+
+ for _, pod := range pods.Items {
+ hashes := getShaHashesForPod(pod)
+
+ for containerName, hash := range hashes {
+ if _, ok := podDigests[containerName]; ok {
+ podDigests[containerName][hash] = true
+ } else {
+ podDigests[containerName] = map[string]bool{hash: true}
+ }
+ }
+ }
+
+ return podDigests
+}
+
+func containerDigestsAllMatch(podDigests map[string]map[string]bool) bool {
+ for _, digests := range podDigests {
+ if len(digests) != 1 {
+ return false
+ }
+ }
+
+ return true
+}
+
+func serviceHasReadyPods(pods corev1.PodList) bool {
+podLoop:
+ for _, pod := range pods.Items {
+ for _, containerStatus := range pod.Status.ContainerStatuses {
+ if containerStatus.Ready == false {
+ continue podLoop
+ }
+ }
+ return true
+ }
+ return false
+}
+
+func generateScanAnnotations(scanConfig configv1.ScanConfig, clusterConfig configv1.ClusterConfig, service corev1.Service, namespace corev1.Namespace) map[string]string {
+ annotations := util.RenderAnnotations(scanConfig.Annotations, service.ObjectMeta, namespace.ObjectMeta, clusterConfig.Name)
+
+ // Copy over securecodebox.io annotations to the created scan
+ re := regexp.MustCompile(`.*securecodebox\.io/.*`)
+ for key, value := range service.Annotations {
+ if matches := re.MatchString(key); matches {
+ annotations[key] = value
+ }
+ }
+ return annotations
+
+}
+
+type TemplateArgs struct {
+ Config configv1.AutoDiscoveryConfig
+ ScanConfig configv1.ScanConfig
+ Service corev1.Service
+ Namespace corev1.Namespace
+ Host HostPort
+}
+
+// Takes in both autoDiscoveryConfig and scanConfig as this function might be used by other controllers in the future, which can then pass in the their relevant scanConfig into this function
+func generateScanSpec(autoDiscoveryConfig configv1.AutoDiscoveryConfig, scanConfig configv1.ScanConfig, host HostPort, service corev1.Service, namespace corev1.Namespace) executionv1.ScheduledScanSpec {
+ parameters := scanConfig.Parameters
+
+ templateArgs := TemplateArgs{
+ Config: autoDiscoveryConfig,
+ Service: service,
+ Namespace: namespace,
+ Host: host,
+ }
+
+ params := []string{}
+
+ for i, parameterTemplate := range parameters {
+ tmpl, err := template.New(fmt.Sprintf("Annotation Template scan parameter '%d'", i)).Funcs(sprig.TxtFuncMap()).Parse(parameterTemplate)
+ if err != nil {
+ panic(err)
+ }
+
+ var rawOutput bytes.Buffer
+ err = tmpl.Execute(&rawOutput, templateArgs)
+ output := rawOutput.String()
+
+ // skip empty string values to allow users to skip annotations
+ if output != "" {
+ params = append(params, output)
+ }
+ }
+
+ scheduledScanSpec := executionv1.ScheduledScanSpec{
+ Interval: scanConfig.RepeatInterval,
+ ScanSpec: &executionv1.ScanSpec{
+ ScanType: scanConfig.ScanType,
+ Parameters: params,
+ },
+ }
+
+ return scheduledScanSpec
+}
+
+// SetupWithManager sets up the controller and initializes every thing it needs
+func (r *ServiceScanReconciler) SetupWithManager(mgr ctrl.Manager) error {
+ ctx := context.Background()
+ if err := mgr.GetFieldIndexer().IndexField(ctx, &executionv1.ScheduledScan{}, ".metadata.service-controller", func(rawObj client.Object) []string {
+ // grab the job object, extract the owner...
+ scan := rawObj.(*executionv1.ScheduledScan)
+ owner := metav1.GetControllerOf(scan)
+ if owner == nil {
+ return nil
+ }
+ // ...make sure it's a Service...
+ if owner.APIVersion != "v1" || owner.Kind != "Service" {
+ return nil
+ }
+
+ // ...and if so, return it
+ return []string{owner.Name}
+ }); err != nil {
+ return err
+ }
+
+ return ctrl.NewControllerManagedBy(mgr).
+ For(&corev1.Service{}).
+ WithEventFilter(getPredicates(mgr.GetClient(), r.Log, r.Config.ResourceInclusion.Mode)).
+ Complete(r)
+}
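Review bot: `getShaHashesForPod` indexes `imageSegments[1]` and slices `prefixedDigest[7:71]` without checking lengths, so an `ImageID` with no `@`, or with a digest shorter than 64 characters, panics inside the reconcile loop. Both values are read from pod status, so I would skip a container whose `ImageID` has an unexpected shape instead of assuming the format. Separately, in `Reconcile` the result of `r.Status().Update(ctx, &previousScan)` is dropped and the `if err != nil` after it tests the error that was already checked; it should read `err = r.Status().Update(ctx, &previousScan)`. The two `List` calls for pods and scheduled scans discard their errors in the same way, and a failed scan lookup there falls through to the path that forces a rescan.

```go
// … unchanged: ImageID empty check and "docker-pullable://" prefix handling …

		imageSegments := strings.Split(fullImageName, "@")
		if len(imageSegments) != 2 {
			// No digest part in the ImageID, nothing to record for this container.
			continue
		}
		prefixedDigest := imageSegments[1]

		if strings.HasPrefix(prefixedDigest, "sha256:") {
			digest := strings.TrimPrefix(prefixedDigest, "sha256:")
			if len(digest) < 64 {
				// Shorter than a sha256 hex digest; skip rather than slice out of range.
				continue
			}
			hashes[containerStatus.Name] = digest[:64]
		}
```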
diff --git a/auto-discovery/kubernetes/controllers/service_scan_controller_test.go b/auto-discovery/kubernetes/controllers/service_scan_controller_test.go
new file mode 100644
index 0000000000..fc805198bb
--- /dev/null
+++ b/auto-discovery/kubernetes/controllers/service_scan_controller_test.go
@@ -0,0 +1,309 @@
+/*
+Copyright 2021 iteratec GmbH.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+ "context"
+ "fmt"
+ "time"
+
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+
+ batchv1 "k8s.io/api/batch/v1"
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/types"
+
+ //+kubebuilder:scaffold:imports
+
+ executionv1 "github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1"
+)
+
+// These tests use Ginkgo (BDD-style Go testing framework). Refer to
+// http://onsi.github.io/ginkgo/ to learn more about Ginkgo.
+
+var _ = Describe("ServiceScan controller", func() {
+
+ // Define utility constants for object names and testing timeouts and intervals.
+ const (
+ timeout = time.Second * 10
+ interval = time.Millisecond * 250
+ )
+
+ Context("Initial ServiceDiscovery", func() {
+ It("Should create a ScheduledScan for Services with the correct annotation", func() {
+ ctx := context.Background()
+ namespace := "scan-creation"
+
+ // Set up pod and service for auto-discovery
+ createNamespace(ctx, namespace)
+ createPod(ctx, "juice-shop", namespace, "bkimminich/juice-shop", "9342db143db5804dee3e64ff789be6ad8dd94f0491b2f50fa67c78be204081e2")
+ createService(ctx, "juice-shop", namespace)
+ createScanType(ctx, namespace)
+
+ var scheduledScan executionv1.ScheduledScan
+ // We'll need to retry getting this ScheduledScan, as the auto-discovery might take a couple of moment to discover the service and create the ScheduledScan for it.
+ Eventually(func() bool {
+ err := k8sClient.Get(ctx, types.NamespacedName{Name: "juice-shop-service-port-3000", Namespace: namespace}, &scheduledScan)
+ if errors.IsNotFound(err) {
+ return false
+ }
+ return true
+ }, timeout, interval).Should(BeTrue())
+
+ Expect(scheduledScan.ObjectMeta.Name).Should(Equal("juice-shop-service-port-3000"))
+ Expect(scheduledScan.Spec.ScanSpec.ScanType).Should(Equal("nmap"))
+ Expect(scheduledScan.Spec.ScanSpec.Parameters).Should(BeEquivalentTo([]string{"-p", "3000", "juice-shop.scan-creation.svc"}))
+ Expect(scheduledScan.Status.LastScheduleTime).Should(BeNil())
+ })
+
+ It("Should hold ScanCreation until all pod digests for the container backing the service match", func() {
+ ctx := context.Background()
+ namespace := "differing-digests"
+
+ // Set up pod and service for auto-discovery
+ createNamespace(ctx, namespace)
+ createPod(ctx, "juice-shop-1", namespace, "bkimminich/juice-shop", "9342db143db5804dee3e64ff789be6ad8dd94f0491b2f50fa67c78be204081e2")
+ createPod(ctx, "juice-shop-2", namespace, "bkimminich/juice-shop", "53ba8e4f1064ecc116849b21cef8eccdb90e7c3901cc3d739f2616cac125b3f1")
+ createService(ctx, "juice-shop", namespace)
+ createScanType(ctx, namespace)
+
+ var scheduledScan executionv1.ScheduledScan
+ // We'll need to retry getting this ScheduledScan, as the auto-discovery might take a couple of moment to discover the service and create the ScheduledScan for it.
+ Consistently(func() bool {
+ err := k8sClient.Get(ctx, types.NamespacedName{Name: "juice-shop-service-port-3000", Namespace: namespace}, &scheduledScan)
+ if errors.IsNotFound(err) {
+ return true
+ }
+ return false
+ }, timeout, interval/2).Should(BeTrue())
+
+ // Change Pod Digest of juice-shop-2 to match the first pod
+ var pod corev1.Pod
+ k8sClient.Get(ctx, types.NamespacedName{Name: "juice-shop-2", Namespace: namespace}, &pod)
+ pod.Status.ContainerStatuses = []corev1.ContainerStatus{
+ {
+ Image: "bkimminich/juice-shop",
+ ImageID: "docker-pullable://bkimminich/juice-shop@sha256:9342db143db5804dee3e64ff789be6ad8dd94f0491b2f50fa67c78be204081e2",
+ ContainerID: "docker://53ba8e4f1064ecc116849b21cef8eccdb90e7c3901cc3d739f2616cac125b3f1",
+ Ready: true,
+ Name: "juice-shop",
+ },
+ }
+ err := k8sClient.Status().Update(ctx, &pod)
+ if err != nil {
+ panic(err)
+ }
+
+ // ScheduledScan should now get created as both pods run on the same version
+ // We'll need to retry getting this ScheduledScan, as the auto-discovery might take a couple of moment to discover the service and create the ScheduledScan for it.
+ Eventually(func() bool {
+ err := k8sClient.Get(ctx, types.NamespacedName{Name: "juice-shop-service-port-3000", Namespace: namespace}, &scheduledScan)
+ if errors.IsNotFound(err) {
+ return false
+ }
+ return true
+ }, timeout, interval).Should(BeTrue())
+
+ Expect(scheduledScan.ObjectMeta.Name).Should(Equal("juice-shop-service-port-3000"))
+ Expect(scheduledScan.Spec.ScanSpec.ScanType).Should(Equal("nmap"))
+ Expect(scheduledScan.Spec.ScanSpec.Parameters).Should(BeEquivalentTo([]string{"-p", "3000", "juice-shop.differing-digests.svc"}))
+ Expect(scheduledScan.Status.LastScheduleTime).Should(BeNil())
+ })
+ })
+
+ Context("Update Detection ServiceDiscovery", func() {
+ It("Should detect a upgraded pod and trigger a re-scan of the ScheduledScan", func() {
+ ctx := context.Background()
+ namespace := "update-test"
+
+ // set up pod and service for auto-discovery
+ createNamespace(ctx, namespace)
+ createPod(ctx, "juice-shop", namespace, "bkimminich/juice-shop", "9342db143db5804dee3e64ff789be6ad8dd94f0491b2f50fa67c78be204081e2")
+ createService(ctx, "juice-shop", namespace)
+ createScanType(ctx, namespace)
+
+ var scheduledScan executionv1.ScheduledScan
+ // We'll need to retry getting this ScheduledScan, as the auto-discovery might take a couple of moment to discover the service and create the ScheduledScan for it.
+ Eventually(func() bool {
+ err := k8sClient.Get(ctx, types.NamespacedName{Name: "juice-shop-service-port-3000", Namespace: namespace}, &scheduledScan)
+ if errors.IsNotFound(err) {
+ return false
+ }
+ return true
+ }, timeout, interval).Should(BeTrue())
+
+ Expect(scheduledScan.ObjectMeta.Name).Should(Equal("juice-shop-service-port-3000"))
+ Expect(scheduledScan.Spec.ScanSpec.ScanType).Should(Equal("nmap"))
+ Expect(scheduledScan.Spec.ScanSpec.Parameters).Should(BeEquivalentTo([]string{"-p", "3000", "juice-shop.update-test.svc"}))
+ Expect(scheduledScan.Status.LastScheduleTime).Should(BeNil())
+
+ By("Update Pod to be of a new image revision")
+
+ var pod corev1.Pod
+ k8sClient.Get(ctx, types.NamespacedName{Name: "juice-shop", Namespace: namespace}, &pod)
+ pod.Status.ContainerStatuses = []corev1.ContainerStatus{
+ {
+ Image: "bkimminich/juice-shop:v12.8.0",
+ ImageID: "docker-pullable://bkimminich/juice-shop@sha256:01c8897aa847d13e97a650e315ceaa409883f6b762a14c4975a82bb6adafedf5",
+ ContainerID: "docker://53ba8e4f1064ecc116849b21cef8eccdb90e7c3901cc3d739f2616cac125b3f1",
+ Ready: true,
+ Name: "juice-shop",
+ },
+ }
+ err := k8sClient.Status().Update(ctx, &pod)
+ if err != nil {
+ panic(err)
+ }
+
+ By("Controller should set the lastScheduled Timestamp to the past to force a re-scan")
+ Eventually(func() bool {
+ err := k8sClient.Get(ctx, types.NamespacedName{Name: "juice-shop-service-port-3000", Namespace: namespace}, &scheduledScan)
+ if errors.IsNotFound(err) {
+ return false
+ }
+
+ return scheduledScan.Status.LastScheduleTime != nil
+ }, timeout, interval).Should(BeTrue())
+ })
+ })
+})
+
+func createNamespace(ctx context.Context, namespaceName string) {
+ namespace := &corev1.Namespace{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: namespaceName,
+ },
+ }
+
+ k8sClient.Create(ctx, namespace)
+}
+
+func createPod(ctx context.Context, name string, namespace string, image string, imageDisgest string) {
+ pod := &corev1.Pod{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "",
+ Kind: "Pod",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: name,
+ Namespace: namespace,
+ Labels: map[string]string{
+ "app": "juice-shop",
+ },
+ },
+ Spec: corev1.PodSpec{
+ Containers: []corev1.Container{
+ {
+ Name: name,
+ Image: image,
+ Ports: []corev1.ContainerPort{
+ {
+ Name: "http",
+ ContainerPort: 3000,
+ Protocol: corev1.ProtocolTCP,
+ },
+ },
+ },
+ },
+ },
+ }
+
+ Expect(k8sClient.Create(ctx, pod)).Should(Succeed())
+
+ // Set pod status
+ var createdPod corev1.Pod
+ k8sClient.Get(ctx, types.NamespacedName{Name: name, Namespace: namespace}, &createdPod)
+ createdPod.Status.ContainerStatuses = []corev1.ContainerStatus{
+ {
+ Image: image,
+ ImageID: fmt.Sprintf("docker-pullable://%s@sha256:%s", image, imageDisgest),
+ ContainerID: "docker://53ba8e4f1064ecc116849b21cef8eccdb90e7c3901cc3d739f2616cac125b3f1",
+ Name: "juice-shop",
+ Ready: true,
+ },
+ }
+ Expect(k8sClient.Status().Update(ctx, &createdPod)).Should(Succeed())
+}
+func createService(ctx context.Context, name string, namespace string) {
+ service := &corev1.Service{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "",
+ Kind: "Service",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: name,
+ Namespace: namespace,
+ Labels: map[string]string{
+ "app": name,
+ },
+ Annotations: map[string]string{
+ "auto-discovery.securecodebox.io/enabled": "true",
+ },
+ },
+ Spec: corev1.ServiceSpec{
+ Selector: map[string]string{
+ "app": name,
+ },
+ Ports: []corev1.ServicePort{
+ {
+ Name: "http",
+ Port: 3000,
+ Protocol: corev1.ProtocolTCP,
+ },
+ },
+ },
+ }
+ Expect(k8sClient.Create(ctx, service)).Should(Succeed())
+}
+
+func createScanType(ctx context.Context, namespace string) {
+ scanType := &executionv1.ScanType{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "execution.securecodebox.io/v1",
+ Kind: "ScanType",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "nmap",
+ Namespace: namespace,
+ },
+ Spec: executionv1.ScanTypeSpec{
+ ExtractResults: executionv1.ExtractResults{
+ Location: "/home/securecodebox/nmap.xml",
+ Type: "nmap-xml",
+ },
+ JobTemplate: batchv1.Job{
+ Spec: batchv1.JobSpec{
+ Template: corev1.PodTemplateSpec{
+ Spec: corev1.PodSpec{
+ Containers: []corev1.Container{
+ {
+ Name: "nmap",
+ Image: "securecodebox/scanner-nmap",
+ Args: []string{"-oX", "/home/securecodebox/nmap.xml"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+ Expect(k8sClient.Create(ctx, scanType)).Should(Succeed())
+}
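Review bot: The `Eventually` closures that fetch `juice-shop-service-port-3000` return `true` for every error other than NotFound, so a failing API call ends the wait as if the ScheduledScan existed; `return err == nil` states the intended condition. The bare `k8sClient.Get(ctx, ..., &pod)` calls before the status updates, the one in `createPod`, and `k8sClient.Create(ctx, namespace)` in `createNamespace` also drop their errors. Wrapping them as `Expect(k8sClient.Get(...)).Should(Succeed())` would make a broken setup fail where it happens instead of later on an empty object. The last spec's step text says the timestamp is set "to the past", but the assertion only checks `LastScheduleTime != nil`.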
diff --git a/auto-discovery/kubernetes/controllers/suite_test.go b/auto-discovery/kubernetes/controllers/suite_test.go
new file mode 100644
index 0000000000..c4f14320c1
--- /dev/null
+++ b/auto-discovery/kubernetes/controllers/suite_test.go
@@ -0,0 +1,123 @@
+/*
+Copyright 2021 iteratec GmbH.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+ "path/filepath"
+ "testing"
+ "time"
+
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+
+ "k8s.io/client-go/kubernetes/scheme"
+ "k8s.io/client-go/rest"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/envtest"
+ "sigs.k8s.io/controller-runtime/pkg/envtest/printer"
+ logf "sigs.k8s.io/controller-runtime/pkg/log"
+ "sigs.k8s.io/controller-runtime/pkg/log/zap"
+
+ ctrl "sigs.k8s.io/controller-runtime"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ //+kubebuilder:scaffold:imports
+
+ configv1 "github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes/api/v1"
+ executionv1 "github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1"
+)
+
+// These tests use Ginkgo (BDD-style Go testing framework). Refer to
+// http://onsi.github.io/ginkgo/ to learn more about Ginkgo.
+
+var cfg *rest.Config
+var k8sClient client.Client
+var testEnv *envtest.Environment
+
+func TestAPIs(t *testing.T) {
+ RegisterFailHandler(Fail)
+
+ RunSpecsWithDefaultAndCustomReporters(t,
+ "Controller Suite",
+ []Reporter{printer.NewlineReporter{}})
+}
+
+var _ = BeforeSuite(func() {
+ logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))
+
+ By("bootstrapping test environment")
+ testEnv = &envtest.Environment{
+ CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases"), filepath.Join("..", "..", "..", "operator", "config", "crd", "bases")},
+ ErrorIfCRDPathMissing: false,
+ }
+
+ cfg, err := testEnv.Start()
+ Expect(err).NotTo(HaveOccurred())
+ Expect(cfg).NotTo(BeNil())
+
+ err = executionv1.AddToScheme(scheme.Scheme)
+ Expect(err).NotTo(HaveOccurred())
+
+ //+kubebuilder:scaffold:scheme
+
+ k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme})
+ Expect(err).NotTo(HaveOccurred())
+ Expect(k8sClient).NotTo(BeNil())
+
+ k8sManager, err := ctrl.NewManager(cfg, ctrl.Options{
+ Scheme: scheme.Scheme,
+ })
+ Expect(err).ToNot(HaveOccurred())
+
+ err = (&ServiceScanReconciler{
+ Client: k8sManager.GetClient(),
+ Scheme: k8sManager.GetScheme(),
+ Recorder: k8sManager.GetEventRecorderFor("ServiceScanController"),
+ Log: ctrl.Log.WithName("controllers").WithName("ServiceScanController"),
+ Config: configv1.AutoDiscoveryConfig{
+ Cluster: configv1.ClusterConfig{
+ Name: "test-cluster",
+ },
+ ServiceAutoDiscoveryConfig: configv1.ServiceAutoDiscoveryConfig{
+ PassiveReconcileInterval: metav1.Duration{Duration: 1 * time.Second},
+ ScanConfig: configv1.ScanConfig{
+ RepeatInterval: metav1.Duration{Duration: time.Hour},
+ Annotations: map[string]string{},
+ Labels: map[string]string{},
+ Parameters: []string{"-p", "{{ .Host.Port }}", "{{ .Service.Name }}.{{ .Service.Namespace }}.svc"},
+ ScanType: "nmap",
+ },
+ },
+ ResourceInclusion: configv1.ResourceInclusionConfig{
+ Mode: configv1.EnabledPerResource,
+ },
+ },
+ }).SetupWithManager(k8sManager)
+ Expect(err).ToNot(HaveOccurred())
+
+ go func() {
+ err = k8sManager.Start(ctrl.SetupSignalHandler())
+ Expect(err).ToNot(HaveOccurred())
+ }()
+}, 60)
+
+var _ = AfterSuite(func() {
+ By("tearing down the test environment")
+ err := testEnv.Stop()
+ Expect(err).NotTo(HaveOccurred())
+})
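Review bot: The goroutine that starts the manager in `BeforeSuite` calls `Expect` without `defer GinkgoRecover()`, so a failing `k8sManager.Start` panics the test binary instead of being reported as a suite failure. It also writes to the `err` variable shared with the enclosing closure. I would open the goroutine with `defer GinkgoRecover()` and use a local `err := k8sManager.Start(ctrl.SetupSignalHandler())`. Separately, `cfg, err := testEnv.Start()` declares a new local `cfg`, so the package-level `cfg` stays nil; `var err error` followed by `cfg, err = testEnv.Start()` would set it.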
diff --git a/auto-discovery/kubernetes/controllers/utils.go b/auto-discovery/kubernetes/controllers/utils.go
new file mode 100644
index 0000000000..05e4e54de7
--- /dev/null
+++ b/auto-discovery/kubernetes/controllers/utils.go
@@ -0,0 +1,189 @@
+/*
+Copyright 2021 iteratec GmbH.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/go-logr/logr"
+ configv1 "github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes/api/v1"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/event"
+ "sigs.k8s.io/controller-runtime/pkg/predicate"
+
+ corev1 "k8s.io/api/core/v1"
+
+ "k8s.io/apimachinery/pkg/types"
+)
+
+func getNamespace(client client.Client, name string) (*corev1.Namespace, error) {
+ namespace := corev1.Namespace{}
+ err := client.Get(context.Background(), types.NamespacedName{Name: name}, &namespace)
+ if err != nil {
+ return nil, err
+ }
+
+ return &namespace, nil
+}
+
+func getNamespaceName(object client.Object) string {
+ if object.GetNamespace() == "" {
+ // The Object is not namespaced...
+ return object.GetName()
+ }
+
+ return object.GetNamespace()
+}
+
+func getPredicates(client client.Client, log logr.Logger, resourceInclusionMode configv1.ResourceInclusionMode) predicate.Predicate {
+ log.Info("Setting up Predicate Filter", "resourceInclusionMode", resourceInclusionMode)
+
+ if resourceInclusionMode == configv1.EnabledPerResource {
+ return getPredicatesForEnabledPerResource(client, log)
+ } else if resourceInclusionMode == configv1.All {
+ return getPredicatesForScanAll(client, log)
+ } else if resourceInclusionMode == configv1.EnabledPerNamespace {
+ return getPredicatesForEnabledPerNamespace(client, log)
+ }
+
+ panic(fmt.Errorf("Inalid resourceInclusion.mode configured: '%s'. Check docs for supported modes.", resourceInclusionMode))
+}
+
+func getPredicatesForEnabledPerNamespace(client client.Client, log logr.Logger) predicate.Predicate {
+ return predicate.Funcs{
+ CreateFunc: func(event event.CreateEvent) bool {
+
+ if val, ok := event.Object.GetAnnotations()["auto-discovery.securecodebox.io/ignore"]; ok && val == "true" {
+ return false
+ }
+
+ namespace, err := getNamespace(client, getNamespaceName(event.Object))
+ if err != nil {
+ log.Error(err, "Failed to get Namespace")
+ }
+
+ if val, ok := namespace.GetAnnotations()["auto-discovery.securecodebox.io/enabled"]; ok && val == "true" {
+ return true
+ }
+ return false
+ },
+ DeleteFunc: func(event event.DeleteEvent) bool {
+ if val, ok := event.Object.GetAnnotations()["auto-discovery.securecodebox.io/ignore"]; ok && val == "true" {
+ return false
+ }
+
+ namespace, err := getNamespace(client, getNamespaceName(event.Object))
+ if err != nil {
+ log.Error(err, "Failed to get Namespace")
+ }
+
+ if val, ok := namespace.GetAnnotations()["auto-discovery.securecodebox.io/enabled"]; ok && val == "true" {
+ return true
+ }
+ return false
+ },
+ UpdateFunc: func(event event.UpdateEvent) bool {
+ if val, ok := event.ObjectNew.GetAnnotations()["auto-discovery.securecodebox.io/ignore"]; ok && val == "true" {
+ return false
+ }
+
+ namespace, err := getNamespace(client, getNamespaceName(event.ObjectNew))
+ if err != nil {
+ log.Error(err, "Failed to get Namespace")
+ }
+
+ if val, ok := namespace.GetAnnotations()["auto-discovery.securecodebox.io/enabled"]; ok && val == "true" {
+ return true
+ }
+ return false
+ },
+ GenericFunc: func(event event.GenericEvent) bool {
+ if val, ok := event.Object.GetAnnotations()["auto-discovery.securecodebox.io/ignore"]; ok && val == "true" {
+ return false
+ }
+
+ namespace, err := getNamespace(client, getNamespaceName(event.Object))
+ if err != nil {
+ log.Error(err, "Failed to get Namespace")
+ }
+
+ if val, ok := namespace.GetAnnotations()["auto-discovery.securecodebox.io/enabled"]; ok && val == "true" {
+ return true
+ }
+ return false
+ },
+ }
+}
+
+func getPredicatesForEnabledPerResource(client client.Client, log logr.Logger) predicate.Predicate {
+ return predicate.Funcs{
+ CreateFunc: func(event event.CreateEvent) bool {
+ if val, ok := event.Object.GetAnnotations()["auto-discovery.securecodebox.io/enabled"]; ok && val == "true" {
+ return true
+ }
+ return false
+ },
+ DeleteFunc: func(event event.DeleteEvent) bool {
+ if val, ok := event.Object.GetAnnotations()["auto-discovery.securecodebox.io/enabled"]; ok && val == "true" {
+ return true
+ }
+ return false
+ },
+ UpdateFunc: func(event event.UpdateEvent) bool {
+ if val, ok := event.ObjectNew.GetAnnotations()["auto-discovery.securecodebox.io/enabled"]; ok && val == "true" {
+ return true
+ }
+ return false
+ },
+ GenericFunc: func(event event.GenericEvent) bool {
+ if val, ok := event.Object.GetAnnotations()["auto-discovery.securecodebox.io/enabled"]; ok && val == "true" {
+ return true
+ }
+ return false
+ },
+ }
+}
+
+func getPredicatesForScanAll(client client.Client, log logr.Logger) predicate.Predicate {
+ return predicate.Funcs{
+ CreateFunc: func(event event.CreateEvent) bool {
+ if val, ok := event.Object.GetAnnotations()["auto-discovery.securecodebox.io/ignore"]; ok && val == "true" {
+ return false
+ }
+ return true
+ },
+ DeleteFunc: func(event event.DeleteEvent) bool {
+ if val, ok := event.Object.GetAnnotations()["auto-discovery.securecodebox.io/ignore"]; ok && val == "true" {
+ return false
+ }
+ return true
+ },
+ UpdateFunc: func(event event.UpdateEvent) bool {
+ if val, ok := event.ObjectNew.GetAnnotations()["auto-discovery.securecodebox.io/ignore"]; ok && val == "true" {
+ return false
+ }
+ return true
+ },
+ GenericFunc: func(event event.GenericEvent) bool {
+ if val, ok := event.Object.GetAnnotations()["auto-discovery.securecodebox.io/ignore"]; ok && val == "true" {
+ return false
+ }
+ return true
+ },
+ }
+}
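Review bot: In `getPredicatesForEnabledPerNamespace`, all four callbacks log a failed `getNamespace` and then carry on to `namespace.GetAnnotations()`, but `getNamespace` returns a nil pointer together with the error, so that call dereferences nil and panics the controller. Adding `return false` directly after `log.Error(err, "Failed to get Namespace")` in each callback makes the filter fail closed, so a resource whose namespace cannot be read is not scanned. The four bodies are identical apart from `event.Object` versus `event.ObjectNew`, so a small helper taking a `client.Object` would keep the ignore/enabled rule in one place. The panic message in `getPredicates` also has a typo, "Inalid".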
diff --git a/auto-discovery/kubernetes/demo/http-echo.yaml b/auto-discovery/kubernetes/demo/http-echo.yaml
new file mode 100644
index 0000000000..c1ac58b284
--- /dev/null
+++ b/auto-discovery/kubernetes/demo/http-echo.yaml
@@ -0,0 +1,38 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: http-echo
+ annotations:
+ auto-discovery.securecodebox.io/enabled: "true"
+spec:
+ ports:
+ - port: 80
+ targetPort: 5678
+ selector:
+ app: http-echo
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: http-echo
+spec:
+ selector:
+ matchLabels:
+ app: http-echo
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: http-echo
+ spec:
+ containers:
+ - name: http-echo
+ image: hashicorp/http-echo
+ args:
+ - "-text=http-echo"
+ ports:
+ - containerPort: 5678
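Review bot: `image: hashicorp/http-echo` carries no tag, so the Deployment pulls whatever `latest` resolves to at deploy time, and the auto-discovery would then scan an image revision nobody chose. The other demo manifests in this commit pin a tag (`bkimminich/juice-shop:v12.8.0`, `nginxinc/nginx-unprivileged:1.20.0-alpine`). I would pin this one the same way, for example `image: hashicorp/http-echo:<pinned-tag>`, or by digest.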
diff --git a/auto-discovery/kubernetes/demo/install-dependencies.sh b/auto-discovery/kubernetes/demo/install-dependencies.sh
new file mode 100755
index 0000000000..9931860bfb
--- /dev/null
+++ b/auto-discovery/kubernetes/demo/install-dependencies.sh
@@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+kubectl apply -f https://raw.githubusercontent.com/fluxcd/helm-operator/1.2.0/deploy/crds.yaml
+helm repo add fluxcd https://charts.fluxcd.io
+helm upgrade -i helm-operator fluxcd/helm-operator \
+ --set helm.versions=v3 \
+ --version 1.2.0 \
+ --namespace helm-operator \
+ --create-namespace
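Review bot: The script is committed as executable (mode 100755) but has no shebang and no error handling, so a failed `kubectl apply` of the CRDs does not stop the `helm upgrade` that depends on them. I would start the file with `#!/usr/bin/env bash` followed by `set -euo pipefail`. The CRD manifest is fetched from a tag URL on raw.githubusercontent.com and applied unverified; referencing a commit SHA in that URL would make the applied content immutable.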
diff --git a/auto-discovery/kubernetes/demo/juice-shop.yaml b/auto-discovery/kubernetes/demo/juice-shop.yaml
new file mode 100644
index 0000000000..5308722f1f
--- /dev/null
+++ b/auto-discovery/kubernetes/demo/juice-shop.yaml
@@ -0,0 +1,70 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: juice-shop
+ annotations:
+ auto-discovery.securecodebox.io/enabled: "true"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: juice-shop
+ namespace: juice-shop
+ labels:
+ scm.securecodebox.io/branch: v12.8.0
+spec:
+ type: ClusterIP
+ ports:
+ - port: 3000
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app: juice-shop
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: juice-shop
+ namespace: juice-shop
+ labels:
+ app: juice-shop
+spec:
+ selector:
+ matchLabels:
+ app: juice-shop
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: juice-shop
+ spec:
+ containers:
+ - name: juice-shop
+ image: bkimminich/juice-shop:v12.8.0
+ ports:
+ - name: http
+ containerPort: 3000
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+ name: zap-advanced-scan
+ namespace: juice-shop
+spec:
+ chart:
+ repository: https://charts.securecodebox.io
+ version: 2.7.2
+ name: zap-advanced-scan
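Review bot: The last document is a `helm.fluxcd.io/v1` `HelmRelease`, which only applies on a cluster that already has the helm-operator CRDs, and nothing in the manifest says so. This looks like what `demo/install-dependencies.sh` from the same commit is for, so a comment above that document such as `# requires the fluxcd helm-operator CRDs, see install-dependencies.sh` would save a failed `kubectl apply`. Since the Deployment runs Juice Shop, the header comment could also state that the target is intentionally vulnerable and is exposed only as `ClusterIP`.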
diff --git a/auto-discovery/kubernetes/demo/nginx.yaml b/auto-discovery/kubernetes/demo/nginx.yaml
new file mode 100644
index 0000000000..3f3bd85fea
--- /dev/null
+++ b/auto-discovery/kubernetes/demo/nginx.yaml
@@ -0,0 +1,59 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: nginx
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx
+ namespace: nginx
+ labels:
+ app.kubernetes.io/version: v1.20.0
+ annotations:
+ auto-discovery.securecodebox.io/enabled: "true"
+spec:
+ type: ClusterIP
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app: nginx
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+ namespace: nginx
+ labels:
+ app: nginx
+spec:
+ selector:
+ matchLabels:
+ app: nginx
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginxinc/nginx-unprivileged:1.20.0-alpine
+ ports:
+ - name: http
+ containerPort: 8080
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
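Review bot: The nginx container sets no `securityContext`, while the chart values documented in this commit harden the auto-discovery's own container with `allowPrivilegeEscalation: false` and dropped capabilities. Because the image is the unprivileged nginx build listening on 8080, `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` on the container should work without further changes, though that is worth verifying against the image. The Service label `app.kubernetes.io/version: v1.20.0` duplicates the image tag by hand, and the two can drift apart.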
diff --git a/auto-discovery/kubernetes/docs/README.ArtifactHub.md b/auto-discovery/kubernetes/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..71888a2019
--- /dev/null
+++ b/auto-discovery/kubernetes/docs/README.ArtifactHub.md
@@ -0,0 +1,197 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Example
+
+
+
+
+
+This example deploys [JuiceShop](https://owasp.org/www-project-juice-shop/) to a new Kubernetes Namespace.
+(You can find the kubernetes manifests for the deployment [here](./demo/juice-shop.yaml))
+
+The AutoDiscovery will automatically pick up this new deployment and then starts a OWASP ZAP Scan against it.
+The scan created uses our `zap-advanced` ScanType by default, this can be changed with the `config.serviceAutoDiscovery.scanConfig.scanType` config on the autoDiscovery helm release.
+
+## Deployment
+The auto-discovery-kubernetes chart can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install auto-discovery-kubernetes secureCodeBox/auto-discovery-kubernetes
+```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+### In / Excluding Resources from the AutoDiscovery
+
+The AutoDiscovery allows different modes to determine if a resource is supposed to be scanned.
+These modes allow you to gradually roll out the AutoDiscovery in a cluster.
+This allows to roll it out in cluster without a "big bang" where the AutoDiscovery starts a scan for every app in the cluster which would likely exhaust the clusters compute resources.
+
+The three different modes are:
+
+1. `enabled-per-namespace` (default): [See section](#enabled-per-namespace-mode-default)
+2. `enabled-per-resource`: [See section](#enabled-per-resource-mode)
+3. `scan-all`: [See section](#scan-all-mode)
+
+#### Enabled per Namespace Mode (default)
+
+Enable this by setting `config.resourceInclusion.mode=enable-per-namespace`.
+
+This mode will start scans for resources in namespaces with the annotation `auto-discovery.securecodebox.io/enabled=true`.
+
+```bash
+# enable AutoDiscovery in namespace "juice-shop"
+kubectl annotate namespace juice-shop auto-discovery.securecodebox.io/enabled=true
+```
+
+If you want to exclude a certain resource in a otherwise AutoDiscovery enabled namespace, you can exclude it by annotating it with `auto-discovery.securecodebox.io/ignore=true`.
+
+```bash
+# disable AutoDiscovery for service "foobar"
+kubectl -n juice-shop annotate service foobar auto-discovery.securecodebox.io/ignore=true
+```
+
+#### Enabled per Resource Mode
+
+Enable this by setting `config.resourceInclusion.mode=enabled-per-resource`.
+
+This mode will start scans for every resources with the annotation `auto-discovery.securecodebox.io/enabled=true`.
+
+```bash
+# enable AutoDiscovery for service "juice-shop"
+kubectl -n juice-shop annotate service juice-shop auto-discovery.securecodebox.io/enabled=true
+```
+
+#### Scan All Mode
+
+Enable this by setting `config.resourceInclusion.mode=scan-all`.
+
+This mode will start scans for **every** resources in the cluster **unless** it has the annotation `auto-discovery.securecodebox.io/ignore=true`.
+
+> ⚠️ Using this setting in larger cluster will likely start a large number of scans in the cluster. This could block all available compute resource in your cluster and seriously affect your applications availability.
+
+```bash
+# *disable* AutoDiscovery for service "juice-shop"
+kubectl -n juice-shop annotate service juice-shop auto-discovery.securecodebox.io/ignore=true
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| config.apiVersion | string | `"config.securecodebox.io/v1"` | |
+| config.cluster.name | string | `"docker-desktop"` | |
+| config.health.healthProbeBindAddress | string | `":8081"` | |
+| config.kind | string | `"AutoDiscoveryConfig"` | |
+| config.leaderElection.leaderElect | bool | `true` | |
+| config.leaderElection.resourceName | string | `"0e41a1f4.securecodebox.io"` | |
+| config.metrics.bindAddress | string | `"127.0.0.1:8080"` | |
+| config.resourceInclusion.mode | string | `"enabled-per-namespace"` | |
+| config.serviceAutoDiscovery.passiveReconcileInterval | string | `"1m"` | interval in which every service is re-checked for updated pods, if service object is updated directly this the service will get reconciled immediately |
+| config.serviceAutoDiscovery.scanConfig.annotations | object | `{"defectdojo.securecodebox.io/engagement-name":"{{ .Target.Name }}","defectdojo.securecodebox.io/engagement-version":"{{if (index .Target.Labels `app.kubernetes.io/version`) }}{{ index .Target.Labels `app.kubernetes.io/version` }}{{end}}","defectdojo.securecodebox.io/product-name":"{{ .Cluster.Name }} | {{ .Namespace.Name }} | {{ .Target.Name }}","defectdojo.securecodebox.io/product-tags":"cluster/{{ .Cluster.Name }},namespace/{{ .Namespace.Name }}"}` | annotations to be added to the scans started by the auto-discovery |
+| config.serviceAutoDiscovery.scanConfig.labels | object | `{}` | labels to be added to the scans started by the auto-discovery |
+| config.serviceAutoDiscovery.scanConfig.parameters | list | `["-t","{{ .Host.Type }}://{{ .Service.Name }}.{{ .Service.Namespace }}.svc:{{ .Host.Port }}"]` | parameters used for the scans created by the serviceAutoDiscovery |
+| config.serviceAutoDiscovery.scanConfig.repeatInterval | string | `"168h"` | interval in which scans are automatically repeated. If the target is updated (meaning a new image revision is deployed) the scan will repeated beforehand and the interval is reset. |
+| config.serviceAutoDiscovery.scanConfig.scanType | string | `"zap-advanced-scan"` | scanType used for the scans created by the serviceAutoDiscovery |
+| image.pullPolicy | string | `"Always"` | |
+| image.repository | string | `"securecodebox/auto-discovery-kubernetes"` | |
+| image.tag | string | `nil` | |
+| podSecurityContext | object | `{}` | Sets the securityContext on the operators pod level. See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container |
+| resources | object | `{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"100m","memory":"20Mi"}}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
+| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | Sets the securityContext on the operators container level. See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
+| securityContext.allowPrivilegeEscalation | bool | `false` | Ensure that users privileges cannot be escalated |
+| securityContext.capabilities.drop[0] | string | `"all"` | This drops all linux privileges from the operator container. They are not required |
+| securityContext.privileged | bool | `false` | Ensures that the operator container is not run in privileged mode |
+| securityContext.readOnlyRootFilesystem | bool | `true` | Prevents write access to the containers file system |
+| securityContext.runAsNonRoot | bool | `true` | Enforces that the Operator image is run as a non root user |
+
+## Contributing
+
+Contributions are welcome and extremely helpful 🙌
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... 👋
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+## Development
+
+### Run the AutoDiscovery locally
+
+To avoid having to build & deploy the AutoDiscovery every time you make a code change you can run it locally.
+It automatically connects to your current cluster configured in your kube config.
+
+```bash
+make run
+```
+
+### Running the tests
+
+```bash
+# execute the tests locally
+make test
+
+# view the test coverage
+go tool cover -html=cover.out
+```
\ No newline at end of file
diff --git a/auto-discovery/kubernetes/docs/README.DockerHub-Core.md b/auto-discovery/kubernetes/docs/README.DockerHub-Core.md
new file mode 100644
index 0000000000..f22b0dbaf8
--- /dev/null
+++ b/auto-discovery/kubernetes/docs/README.DockerHub-Core.md
@@ -0,0 +1,105 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## How to use this image
+This `core` image is intended to work in combination with the OWASP secureCodeBox. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/getting-started/installation.
+
+```bash
+docker pull securecodebox/auto-discovery-kubernetes
+```
+
+## Example
+
+
+
+
+
+This example deploys [JuiceShop](https://owasp.org/www-project-juice-shop/) to a new Kubernetes Namespace.
+(You can find the kubernetes manifests for the deployment [here](./demo/juice-shop.yaml))
+
+The AutoDiscovery will automatically pick up this new deployment and then starts a OWASP ZAP Scan against it.
+The scan created uses our `zap-advanced` ScanType by default, this can be changed with the `config.serviceAutoDiscovery.scanConfig.scanType` config on the autoDiscovery helm release.
+
+## Community
+
+You are welcome, please join us on... 👋
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+## Development
+
+### Run the AutoDiscovery locally
+
+To avoid having to build & deploy the AutoDiscovery every time you make a code change you can run it locally.
+It automatically connects to your current cluster configured in your kube config.
+
+```bash
+make run
+```
+
+### Running the tests
+
+```bash
+# execute the tests locally
+make test
+
+# view the test coverage
+go tool cover -html=cover.out
+```
\ No newline at end of file
diff --git a/auto-discovery/kubernetes/go.mod b/auto-discovery/kubernetes/go.mod
new file mode 100644
index 0000000000..705a9c9fb2
--- /dev/null
+++ b/auto-discovery/kubernetes/go.mod
@@ -0,0 +1,24 @@
+// SPDX-FileCopyrightText: 2021 iteratec GmbH
+//
+// SPDX-License-Identifier: Apache-2.0
+
+module github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes
+
+go 1.15
+
+require (
+ github.com/Masterminds/goutils v1.1.1 // indirect
+ github.com/Masterminds/semver v1.5.0 // indirect
+ github.com/Masterminds/sprig v2.22.0+incompatible
+ github.com/go-logr/logr v0.3.0
+ github.com/huandu/xstrings v1.3.2 // indirect
+ github.com/mitchellh/copystructure v1.2.0 // indirect
+ github.com/onsi/ginkgo v1.14.1
+ github.com/onsi/gomega v1.10.2
+ github.com/secureCodeBox/secureCodeBox/operator v0.0.0-20210512114551-f7af2ead2c3d
+ github.com/stretchr/testify v1.5.1
+ k8s.io/api v0.19.2
+ k8s.io/apimachinery v0.19.2
+ k8s.io/client-go v0.19.2
+ sigs.k8s.io/controller-runtime v0.7.2
+)
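Review bot: The `github.com/secureCodeBox/secureCodeBox/operator` requirement is pinned to the pseudo-version `v0.0.0-20210512114551-f7af2ead2c3d`, so the AutoDiscovery compiles against the operator types of that one commit rather than the operator code in the same checkout, and nothing in the file says how or when to move the pin. If the operator's API types change later, this module will presumably keep building and passing `make test` against the old definitions until someone bumps the version by hand. I would add a comment above that line, e.g. `// operator API types are pinned to a commit of this repo; bump with "go get github.com/secureCodeBox/secureCodeBox/operator@<commit>" whenever the operator types change`. A `replace` directive pointing at the local operator directory would be the alternative, but the Docker build in the CI workflow uses `./auto-discovery/kubernetes/` as its context, so that route would also need the build context widened.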
diff --git a/auto-discovery/kubernetes/go.sum b/auto-discovery/kubernetes/go.sum
new file mode 100644
index 0000000000..af22e3beb9
--- /dev/null
+++ b/auto-discovery/kubernetes/go.sum
@@ -0,0 +1,738 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.51.0 h1:PvKAVQWCtlGUSlZkGW3QLelKaWq7KYv/MW1EboG8bfM=
+cloud.google.com/go v0.51.0/go.mod h1:hWtGJ6gnXH+KgDv+V0zFGDvpi07n3z8ZNj3T1RW0Gcw=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
+github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
+github.com/Azure/go-autorest/autorest v0.9.6 h1:5YWtOnckcudzIw8lPPBcWOnmIFWMtHci1ZWAZulMSx0=
+github.com/Azure/go-autorest/autorest v0.9.6/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
+github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
+github.com/Azure/go-autorest/autorest/adal v0.8.2 h1:O1X4oexUxnZCaEUGsvMnr8ZGj8HI37tNezwY4npRqA0=
+github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
+github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
+github.com/Azure/go-autorest/autorest/date v0.2.0 h1:yW+Zlqf26583pE43KhfnhFcdmSWlm5Ew6bxipnr/tbM=
+github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g=
+github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
+github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
+github.com/Azure/go-autorest/autorest/mocks v0.3.0 h1:qJumjCaCudz+OcqE9/XtEPfvtOjOmKaui4EOpFI6zZc=
+github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM=
+github.com/Azure/go-autorest/logger v0.1.0 h1:ruG4BSDXONFRrZZJ2GUXDiUyVpayPmb1GnWeHDdaNKY=
+github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
+github.com/Azure/go-autorest/tracing v0.5.0 h1:TRn4WjSnkcSy5AEG3pnbtFSwNtwzjr4VYyQflFE619k=
+github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
+github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
+github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
+github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
+github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
+github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60=
+github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
+github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
+github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
+github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
+github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
+github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
+github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
+github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
+github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
+github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
+github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
+github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
+github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
+github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses=
+github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
+github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
+github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
+github.com/go-logr/logr v0.3.0 h1:q4c+kbcR0d5rSurhBR8dIgieOaYpXtsdTYfx22Cu6rs=
+github.com/go-logr/logr v0.3.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
+github.com/go-logr/zapr v0.1.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk=
+github.com/go-logr/zapr v0.2.0 h1:v6Ji8yBW77pva6NkJKQdHLAJKrIJKRHz0RXwPqCHSR4=
+github.com/go-logr/zapr v0.2.0/go.mod h1:qhKdvif7YF5GI9NWEpyxTSSBdGmzkNguibrdCNVPunU=
+github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI=
+github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
+github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
+github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk=
+github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU=
+github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
+github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
+github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94=
+github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
+github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
+github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
+github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
+github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
+github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
+github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
+github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
+github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
+github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
+github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
+github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
+github.com/go-openapi/loads v0.19.2/go.mod h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs=
+github.com/go-openapi/loads v0.19.4/go.mod h1:zZVHonKd8DXyxyw4yfnVjPzBjIQcLt0CCsn0N0ZrQsk=
+github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA=
+github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64=
+github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4=
+github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
+github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
+github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
+github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY=
+github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
+github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
+github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
+github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY=
+github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU=
+github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
+github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
+github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
+github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4=
+github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA=
+github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
+github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
+github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
+github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7 h1:5ZkaAPbicIKTF2I64qf5Fh8Aa83Q/dnOafMYV0OMwjA=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
+github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
+github.com/googleapis/gnostic v0.3.1/go.mod h1:on+2t9HRStVgn95RSsFWFz+6Q0Snyqv1awfrALZdbtU=
+github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
+github.com/googleapis/gnostic v0.5.1 h1:A8Yhf6EtqTv9RMsU6MQTyrtV1TjWlR6xU9BsZIwuTCM=
+github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
+github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
+github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
+github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
+github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/imdario/mergo v0.3.10 h1:6q5mVkdH/vYmqngx7kZQTjJ5HRsx+ImorDIEQ+beJgc=
+github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68=
+github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
+github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
+github.com/klauspost/cpuid v1.3.1/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs=
+github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
+github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
+github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw=
+github.com/minio/minio-go/v7 v7.0.10/go.mod h1:td4gW1ldOsj1PbSNS+WYK43j+P1XVhX/8W8awaYlBFo=
+github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
+github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
+github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
+github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
+github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
+github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
+github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
+github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
+github.com/onsi/ginkgo v1.14.1 h1:jMU0WaQrP0a/YAEq8eJmJKjBoMs+pClEr1vDMlM/Do4=
+github.com/onsi/ginkgo v1.14.1/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
+github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
+github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
+github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/onsi/gomega v1.10.2 h1:aY/nuoWlKJud2J6U0E3NWsjlg+0GtwXxgEqthRdzlcs=
+github.com/onsi/gomega v1.10.2/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
+github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
+github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.7.1 h1:NTGy1Ja9pByO+xAeH/qiWnLrKtr3hJPNjaVUwnjpdpA=
+github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
+github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.10.0 h1:RyRA7RzGXQZiW+tGMr7sxa85G1z0yOpM1qq5c8lNawc=
+github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.1.3 h1:F0+tqvhOksq22sc6iCHF5WGlWjdwj92p0udFh1VFBS8=
+github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
+github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
+github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
+github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
+github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/secureCodeBox/secureCodeBox/operator v0.0.0-20210512114551-f7af2ead2c3d h1:2Q46leaOxSMzTn9kCKFRkjTA7Sm18bFIX62WlQWV5Z8=
+github.com/secureCodeBox/secureCodeBox/operator v0.0.0-20210512114551-f7af2ead2c3d/go.mod h1:ZRUtiYBuN3L+pDq34kkFJFZYEfJBj9q0k2MW96sEvug=
+github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
+github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
+github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
+github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
+github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
+github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
+github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
+github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
+github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
+github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw=
+github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
+github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
+go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
+go.etcd.io/etcd v0.5.0-alpha.5.0.20200819165624-17cef6e3e9d5/go.mod h1:skWido08r9w6Lq/w70DO5XYIKMu4QFu1+4VsqLQuJy8=
+go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
+go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
+go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.6.0 h1:Ezj3JGmsOnG1MoRWQkPBsKLe9DwWD9QeXzTRzzldNVk=
+go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
+go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0=
+go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/multierr v1.5.0 h1:KCa4XfM8CWFCpxXRGok+Q0SS/0XBhMDbHHGABQLvD2A=
+go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
+go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee h1:0mgffUl7nfd+FpvXMVz4IDEaUSmT1ysygQC7qYo7sG4=
+go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
+go.uber.org/zap v1.8.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+go.uber.org/zap v1.15.0 h1:ZZCA22JRF2gQE5FoNmhmrf7jeJJ2uhqDUNRYKm8dvmM=
+go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899 h1:DZhuSZLsGlFL4CmhA8BcRA0mnthyA/nZ00AqCUo7vHg=
+golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f h1:J5lckAjkw6qYlOZNj90mLYNTEKDvWeuc1yieZ8qUzUE=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6 h1:pE8b58s1HRDMi8RDc79m0HISf9D4TzseP40cEA6IGfs=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae h1:Ih9Yo4hSPImZOpfGuA4bR/ORKTAbhZo2AbWNRCnevdo=
+golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e h1:EHBhcS0mlXEAVwNyO2dLfjToGsyY4j24pTs2ScHnX7s=
+golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200616133436-c1934b75d054 h1:HHeAlu5H9b71C+Fx0K+1dGgVFN1DM1/wz4aoGOA5qS8=
+golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gomodules.xyz/jsonpatch/v2 v2.0.1/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU=
+gomodules.xyz/jsonpatch/v2 v2.1.0 h1:Phva6wqu+xR//Njw6iorylFFgn/z547tw5Ne3HZPQ+k=
+gomodules.xyz/jsonpatch/v2 v2.1.0/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU=
+gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
+gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
+gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0 h1:UhZDfRO8JRQru4/+LlLE0BRKGF8L+PICnvYZmx/fEGA=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
+gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
+gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=
+gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+k8s.io/api v0.17.2/go.mod h1:BS9fjjLc4CMuqfSO8vgbHPKMt5+SF0ET6u/RVDihTo4=
+k8s.io/api v0.19.2 h1:q+/krnHWKsL7OBZg/rxnycsl9569Pud76UJ77MvKXms=
+k8s.io/api v0.19.2/go.mod h1:IQpK0zFQ1xc5iNIQPqzgoOwuFugaYHK4iCknlAQP9nI=
+k8s.io/apiextensions-apiserver v0.17.2/go.mod h1:4KdMpjkEjjDI2pPfBA15OscyNldHWdBCfsWMDWAmSTs=
+k8s.io/apiextensions-apiserver v0.19.2 h1:oG84UwiDsVDu7dlsGQs5GySmQHCzMhknfhFExJMz9tA=
+k8s.io/apiextensions-apiserver v0.19.2/go.mod h1:EYNjpqIAvNZe+svXVx9j4uBaVhTB4C94HkY3w058qcg=
+k8s.io/apimachinery v0.17.2/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
+k8s.io/apimachinery v0.19.2 h1:5Gy9vQpAGTKHPVOh5c4plE274X8D/6cuEiTO2zve7tc=
+k8s.io/apimachinery v0.19.2/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA=
+k8s.io/apiserver v0.17.2/go.mod h1:lBmw/TtQdtxvrTk0e2cgtOxHizXI+d0mmGQURIHQZlo=
+k8s.io/apiserver v0.19.2/go.mod h1:FreAq0bJ2vtZFj9Ago/X0oNGC51GfubKK/ViOKfVAOA=
+k8s.io/client-go v0.17.2/go.mod h1:QAzRgsa0C2xl4/eVpeVAZMvikCn8Nm81yqVx3Kk9XYI=
+k8s.io/client-go v0.19.2 h1:gMJuU3xJZs86L1oQ99R4EViAADUPMHHtS9jFshasHSc=
+k8s.io/client-go v0.19.2/go.mod h1:S5wPhCqyDNAlzM9CnEdgTGV4OqhsW3jGO1UM1epwfJA=
+k8s.io/code-generator v0.17.2/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s=
+k8s.io/code-generator v0.19.2/go.mod h1:moqLn7w0t9cMs4+5CQyxnfA/HV8MF6aAVENF+WZZhgk=
+k8s.io/component-base v0.17.2/go.mod h1:zMPW3g5aH7cHJpKYQ/ZsGMcgbsA/VyhEugF3QT1awLs=
+k8s.io/component-base v0.19.2 h1:jW5Y9RcZTb79liEhW3XDVTW7MuvEGP0tQZnfSX6/+gs=
+k8s.io/component-base v0.19.2/go.mod h1:g5LrsiTiabMLZ40AR6Hl45f088DevyGY+cCE2agEIVo=
+k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
+k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
+k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
+k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
+k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
+k8s.io/klog/v2 v2.2.0 h1:XRvcwJozkgZ1UQJmfMGpvRthQHOvihEhYtDfAaxMz/A=
+k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
+k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
+k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6 h1:+WnxoVtG8TMiudHBSEtrVL1egv36TkkJm+bA8AxicmQ=
+k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
+k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
+k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/utils v0.0.0-20200912215256-4140de9c8800 h1:9ZNvfPvVIEsp/T1ez4GQuzCcCTEQWhovSofhqR73A6g=
+k8s.io/utils v0.0.0-20200912215256-4140de9c8800/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
+modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
+modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
+modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs=
+modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.9/go.mod h1:dzAXnQbTRyDlZPJX2SUPEqvnB+j7AJjtlox7PEwigU0=
+sigs.k8s.io/controller-runtime v0.5.2/go.mod h1:JZUwSMVbxDupo0lTJSSFP5pimEyxGynROImSsqIOx1A=
+sigs.k8s.io/controller-runtime v0.7.2 h1:gD2JZp0bBLLuvSRYVNvox+bRCz1UUUxKDjPUCb56Ukk=
+sigs.k8s.io/controller-runtime v0.7.2/go.mod h1:pJ3YBrJiAqMAZKi6UVGuE98ZrroV1p+pIhoHsMm9wdU=
+sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
+sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06 h1:zD2IemQ4LmOcAumeiyDWXKUI2SO0NYDe3H6QGvPOVgU=
+sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18=
+sigs.k8s.io/structured-merge-diff/v4 v4.0.1 h1:YXTMot5Qz/X1iBRJhAt+vI+HVttY0WkSqqhKxQ0xVbA=
+sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
+sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
+sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
+sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
diff --git a/auto-discovery/kubernetes/go.sum.license b/auto-discovery/kubernetes/go.sum.license
new file mode 100644
index 0000000000..7446c9b19d
--- /dev/null
+++ b/auto-discovery/kubernetes/go.sum.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2021 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/auto-discovery/kubernetes/hack/boilerplate.go.txt b/auto-discovery/kubernetes/hack/boilerplate.go.txt
new file mode 100644
index 0000000000..9090c49635
--- /dev/null
+++ b/auto-discovery/kubernetes/hack/boilerplate.go.txt
@@ -0,0 +1,15 @@
+/*
+Copyright 2021 iteratec GmbH.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
\ No newline at end of file
diff --git a/auto-discovery/kubernetes/main.go b/auto-discovery/kubernetes/main.go
new file mode 100644
index 0000000000..b7c8e42d99
--- /dev/null
+++ b/auto-discovery/kubernetes/main.go
@@ -0,0 +1,110 @@
+/*
+Copyright 2021 iteratec GmbH.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+ "flag"
+ "os"
+
+ // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
+ // to ensure that exec-entrypoint and run can make use of them.
+ _ "k8s.io/client-go/plugin/pkg/client/auth"
+
+ executionv1 "github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+ clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/healthz"
+ "sigs.k8s.io/controller-runtime/pkg/log/zap"
+
+ configv1 "github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes/api/v1"
+ "github.com/secureCodeBox/secureCodeBox/auto-discovery/kubernetes/controllers"
+ //+kubebuilder:scaffold:imports
+)
+
+var (
+ scheme = runtime.NewScheme()
+ setupLog = ctrl.Log.WithName("setup")
+)
+
+func init() {
+ utilruntime.Must(clientgoscheme.AddToScheme(scheme))
+ utilruntime.Must(executionv1.AddToScheme(scheme))
+ utilruntime.Must(configv1.AddToScheme(scheme))
+ //+kubebuilder:scaffold:scheme
+}
+
+func main() {
+ var configFile string
+ flag.StringVar(&configFile, "config", "",
+ "The controller will load its initial configuration from this file. "+
+ "Omit this flag to use the default configuration values. "+
+ "Command-line flags override configuration from this file.")
+ opts := zap.Options{
+ Development: true,
+ }
+ opts.BindFlags(flag.CommandLine)
+ flag.Parse()
+
+ ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
+
+ var err error
+ ctrlConfig := configv1.AutoDiscoveryConfig{}
+ options := ctrl.Options{Scheme: scheme}
+ if configFile != "" {
+ options, err = options.AndFrom(ctrl.ConfigFile().AtPath(configFile).OfKind(&ctrlConfig))
+ if err != nil {
+ setupLog.Error(err, "unable to load the config file")
+ os.Exit(1)
+ }
+ }
+
+ mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), options)
+ if err != nil {
+ setupLog.Error(err, "unable to start manager")
+ os.Exit(1)
+ }
+
+ if err = (&controllers.ServiceScanReconciler{
+ Client: mgr.GetClient(),
+ Recorder: mgr.GetEventRecorderFor("ServiceScanController"),
+ Log: ctrl.Log.WithName("controllers").WithName("ServiceScanController"),
+ Scheme: mgr.GetScheme(),
+ Config: ctrlConfig,
+ }).SetupWithManager(mgr); err != nil {
+ setupLog.Error(err, "unable to create controller", "controller", "ScheduledScan")
+ os.Exit(1)
+ }
+
+ //+kubebuilder:scaffold:builder
+
+ if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
+ setupLog.Error(err, "unable to set up health check")
+ os.Exit(1)
+ }
+ if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil {
+ setupLog.Error(err, "unable to set up ready check")
+ os.Exit(1)
+ }
+
+ setupLog.Info("starting manager")
+ if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
+ setupLog.Error(err, "problem running manager")
+ os.Exit(1)
+ }
+}
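Review bot: When `--config` is omitted, `ctrlConfig` stays the zero-valued `configv1.AutoDiscoveryConfig{}` and is still passed to `ServiceScanReconciler` as `Config`, although the flag help promises "default configuration values". Unless defaults are applied outside this file, the reconciler then runs with empty fields; either reject an empty `configFile` or fill in defaults before `SetupWithManager`. The failure log for that call also names the wrong controller: `"controller", "ScheduledScan"` should read `"controller", "ServiceScanController"`. Separately, `Development: true` makes development-mode logging the default for the shipped binary unless a flag overrides it, so `Development: false` is the safer default.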
diff --git a/auto-discovery/kubernetes/pkg/util/annotations.go b/auto-discovery/kubernetes/pkg/util/annotations.go
new file mode 100644
index 0000000000..d438e7dff5
--- /dev/null
+++ b/auto-discovery/kubernetes/pkg/util/annotations.go
@@ -0,0 +1,68 @@
+/*
+Copyright 2021 iteratec GmbH.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+ "bytes"
+ "fmt"
+ "text/template"
+
+ "github.com/Masterminds/sprig"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type Cluster struct {
+ Name string
+}
+
+type TemplateArgs struct {
+ Target metav1.ObjectMeta
+ Namespace metav1.ObjectMeta
+ Cluster Cluster
+}
+
+func RenderAnnotations(annotationsTemplates map[string]string, targetMeta metav1.ObjectMeta, namespaceMeta metav1.ObjectMeta, clusterName string) map[string]string {
+ annotations := map[string]string{}
+
+ templateArgs := TemplateArgs{
+ Target: targetMeta,
+ Namespace: namespaceMeta,
+ Cluster: Cluster{
+ Name: clusterName,
+ },
+ }
+
+ for key, value := range annotationsTemplates {
+ tmpl, err := template.New(fmt.Sprintf("Annotation Template for '%s'", key)).Funcs(sprig.TxtFuncMap()).Parse(value)
+ if err != nil {
+ panic(err)
+ }
+
+ var rawOutput bytes.Buffer
+ err = tmpl.Execute(&rawOutput, templateArgs)
+ output := rawOutput.String()
+
+ // skip empty string values to allow users to skip annotations
+ if output == "" {
+ continue
+ }
+
+ annotations[key] = output
+ }
+
+ return annotations
+}
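Review bot: The error from `err = tmpl.Execute(&rawOutput, templateArgs)` is assigned but never checked, so a template that fails part-way through still has its partial output stored as the annotation value. A parse error, by contrast, goes to `panic(err)`, which lets one bad template string in the config take the whole controller down. Returning an error for both cases, as sketched below, lets the reconciler log and skip; the `render` helper in annotations_test.go and the controller call site would need the extra return value. Separately, `sprig.TxtFuncMap()` includes `env` and `expandenv`, so a template in the config can copy the controller's environment variables into annotations; deleting those two keys from the map before `Funcs` closes that.

```go
func RenderAnnotations(annotationsTemplates map[string]string, targetMeta metav1.ObjectMeta, namespaceMeta metav1.ObjectMeta, clusterName string) (map[string]string, error) {
	// … unchanged: annotations map and templateArgs construction …
	for key, value := range annotationsTemplates {
		tmpl, err := template.New(fmt.Sprintf("Annotation Template for '%s'", key)).Funcs(sprig.TxtFuncMap()).Parse(value)
		if err != nil {
			return nil, fmt.Errorf("parsing annotation template %q: %w", key, err)
		}

		var rawOutput bytes.Buffer
		if err := tmpl.Execute(&rawOutput, templateArgs); err != nil {
			return nil, fmt.Errorf("rendering annotation template %q: %w", key, err)
		}
		// … unchanged: skip empty output, store annotation …
	}

	return annotations, nil
}
```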
diff --git a/auto-discovery/kubernetes/pkg/util/annotations_test.go b/auto-discovery/kubernetes/pkg/util/annotations_test.go
new file mode 100644
index 0000000000..ac11470d63
--- /dev/null
+++ b/auto-discovery/kubernetes/pkg/util/annotations_test.go
@@ -0,0 +1,83 @@
+/*
+Copyright 2021 iteratec GmbH.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type testData struct {
+ in map[string]string
+ expectedMapKeyLength int
+}
+
+// Tests that getAnnotationsForScan drops all annotations not prefixed with "*.securecodebox.io/*"
+func TestGetAnnotationsForScan(t *testing.T) {
+ assert.Equal(
+ t,
+ render(map[string]string{"foo": "bar"}),
+ map[string]string{"foo": "bar"},
+ "Should render plain strings unchanged",
+ )
+
+ assert.Equal(
+ t,
+ render(map[string]string{"foo": "Name: {{ .Target.Name }}"}),
+ map[string]string{"foo": "Name: service-foobar"},
+ "Should be able to render information of the target object",
+ )
+
+ assert.Equal(
+ t,
+ // Need to use "index" function here to be able to access the `app.kubernetes.io/name` as the special chars ('.' & '/') mess with golang templates
+ render(map[string]string{"foo": "Service: {{ index .Target.Labels `app.kubernetes.io/name` }}"}),
+ map[string]string{"foo": "Service: juice-shop"},
+ "Should be able to render infos from target labels",
+ )
+
+ assert.Equal(
+ t,
+ map[string]string{
+ "defectdojo.securecodebox.io/product-name": "test-cluster | foobar | service-foobar",
+ "defectdojo.securecodebox.io/product-tags": "cluster/test-cluster,namespace/foobar",
+ "defectdojo.securecodebox.io/engagement-name": "service-foobar",
+ },
+ render(
+ map[string]string{
+ "defectdojo.securecodebox.io/product-name": "{{ .Cluster.Name }} | {{ .Namespace.Name }} | {{ .Target.Name }}",
+ "defectdojo.securecodebox.io/product-tags": "cluster/{{ .Cluster.Name }},namespace/{{ .Namespace.Name }}",
+ "defectdojo.securecodebox.io/engagement-name": "{{ .Target.Name }}",
+ // Need to use "index" function here to be able to access the `app.kubernetes.io/name` as the special chars ('.' & '/') mess with golang templates
+ // Should be dropped as the template renders to a empty string as the service doesn't have the version label included
+ "defectdojo.securecodebox.io/engagement-version": "{{ default \"\" (index .Target.Labels `scm.securecodebox.io/branch`) }}",
+ }),
+ "Should be able to render out actual DefectDojo usage",
+ )
+}
+
+func render(annotationTemplates map[string]string) map[string]string {
+ targetMeta := metav1.ObjectMeta{Name: "service-foobar", Namespace: "foobar", Labels: map[string]string{
+ "foo": "bar",
+ "app.kubernetes.io/name": "juice-shop",
+ // "scm.securecodebox.io/branch": "v12.2.2",
+ }}
+ namespaceMeta := metav1.ObjectMeta{Name: "foobar", Labels: map[string]string{"foo": "bar"}}
+ return RenderAnnotations(annotationTemplates, targetMeta, namespaceMeta, "test-cluster")
+}
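Review bot: The comment above `TestGetAnnotationsForScan` describes a different function: it says the test checks that `getAnnotationsForScan` drops annotations without a `*.securecodebox.io/*` prefix, while the body only exercises `RenderAnnotations` through `render`. I would rename the test to `TestRenderAnnotations` and replace the comment with `// TestRenderAnnotations checks that annotation templates are rendered against target, namespace and cluster metadata and that templates rendering to "" are dropped.` The `testData` struct is declared but never used and can be removed. The first three `assert.Equal` calls pass the actual value before the expected one, which swaps the labels in failure output; the fourth call has them the right way round.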
diff --git a/auto-discovery/kubernetes/templates/manager/config.yaml b/auto-discovery/kubernetes/templates/manager/config.yaml
new file mode 100644
index 0000000000..f0d55ebaf6
--- /dev/null
+++ b/auto-discovery/kubernetes/templates/manager/config.yaml
@@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: auto-discovery
+data:
+ auto-discovery.yaml: | {{ .Values.config | toPrettyJson | nindent 4 }}
+
\ No newline at end of file
diff --git a/auto-discovery/kubernetes/templates/manager/manager.yaml b/auto-discovery/kubernetes/templates/manager/manager.yaml
new file mode 100644
index 0000000000..7879ea29a0
--- /dev/null
+++ b/auto-discovery/kubernetes/templates/manager/manager.yaml
@@ -0,0 +1,58 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: auto-discovery
+ labels:
+ control-plane: auto-discovery
+spec:
+ selector:
+ matchLabels:
+ control-plane: auto-discovery
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ control-plane: auto-discovery
+ spec:
+ serviceAccountName: auto-discovery
+ securityContext:
+ {{ .Values.podSecurityContext | toYaml | nindent 8 }}
+ containers:
+ - command:
+ - /manager
+ args:
+ - --config
+ - /etc/securecodebox/auto-discovery.yaml
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ name: auto-discovery
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ volumeMounts:
+ - name: config
+ mountPath: "/etc/securecodebox/auto-discovery.yaml"
+ readOnly: true
+ subPath: auto-discovery.yaml
+ volumes:
+ - name: config
+ configMap:
+ name: auto-discovery
+ terminationGracePeriodSeconds: 10
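Review bot: The config is mounted through `subPath: auto-discovery.yaml`, and subPath mounts are not refreshed when the ConfigMap changes, so a `helm upgrade` that only changes `.Values.config` leaves the running pod on the old scan configuration. main.go in this same diff also loads the file only once at startup, so a rollout is needed either way. Adding a checksum annotation under the pod template's `metadata` forces one: `checksum/config: {{ include (print $.Template.BasePath "/manager/config.yaml") . | sha256sum }}`.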
diff --git a/auto-discovery/kubernetes/templates/rbac/leader_election_role.yaml b/auto-discovery/kubernetes/templates/rbac/leader_election_role.yaml
new file mode 100644
index 0000000000..1cad055df4
--- /dev/null
+++ b/auto-discovery/kubernetes/templates/rbac/leader_election_role.yaml
@@ -0,0 +1,41 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: auto-discovery-leader-election-role
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
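Review bot: The `configmaps` rule grants create, update, patch and delete on every ConfigMap in the release namespace, which includes the `auto-discovery` ConfigMap the manager reads its scan configuration from. Leader election only needs to touch its own lock object, so the mutating verbs could move into a second rule limited with `resourceNames: ["<leader-election-id>"]` (a placeholder; the id is not visible in this diff), while `create` stays in an unrestricted rule because it cannot be limited by name. The same split would apply to the `leases` rule. A comment on each rule naming the lock object it serves would make the intent reviewable.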
diff --git a/auto-discovery/kubernetes/templates/rbac/leader_election_role_binding.yaml b/auto-discovery/kubernetes/templates/rbac/leader_election_role_binding.yaml
new file mode 100644
index 0000000000..da6d1055c8
--- /dev/null
+++ b/auto-discovery/kubernetes/templates/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,16 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: auto-discovery-leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: auto-discovery-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: auto-discovery
+ namespace: {{ .Release.Namespace }}
diff --git a/auto-discovery/kubernetes/templates/rbac/role.yaml b/auto-discovery/kubernetes/templates/rbac/role.yaml
new file mode 100644
index 0000000000..b36e5759b9
--- /dev/null
+++ b/auto-discovery/kubernetes/templates/rbac/role.yaml
@@ -0,0 +1,73 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: auto-discovery
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods/status
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services/status
+ verbs:
+ - get
+- apiGroups:
+ - execution.securecodebox.io
+ resources:
+ - scantypes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - execution.securecodebox.io
+ resources:
+ - scheduledscans
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - execution.securecodebox.io/status
+ resources:
+ - scheduledscans
+ verbs:
+ - get
+ - patch
+ - update
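Review bot: The last rule puts the subresource in the wrong field: `apiGroups: execution.securecodebox.io/status` with `resources: scheduledscans` names an API group that does not exist, so the rule grants nothing. If the controller writes ScheduledScan status, those requests would be denied. The rule should list `- execution.securecodebox.io` under `apiGroups` and `- scheduledscans/status` under `resources`. If the controller never writes status, the rule should be removed rather than left as a no-op.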
diff --git a/auto-discovery/kubernetes/templates/rbac/role_binding.yaml b/auto-discovery/kubernetes/templates/rbac/role_binding.yaml
new file mode 100644
index 0000000000..a880964d8d
--- /dev/null
+++ b/auto-discovery/kubernetes/templates/rbac/role_binding.yaml
@@ -0,0 +1,16 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: auto-discovery
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: auto-discovery
+subjects:
+- kind: ServiceAccount
+ name: auto-discovery
+ namespace: {{ .Release.Namespace }}
diff --git a/auto-discovery/kubernetes/templates/rbac/service_account.yaml b/auto-discovery/kubernetes/templates/rbac/service_account.yaml
new file mode 100644
index 0000000000..f68730d1c7
--- /dev/null
+++ b/auto-discovery/kubernetes/templates/rbac/service_account.yaml
@@ -0,0 +1,8 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: auto-discovery
diff --git a/auto-discovery/kubernetes/values.yaml b/auto-discovery/kubernetes/values.yaml
new file mode 100644
index 0000000000..27e418fe66
--- /dev/null
+++ b/auto-discovery/kubernetes/values.yaml
@@ -0,0 +1,73 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+image:
+ repository: securecodebox/auto-discovery-kubernetes
+ tag: null
+ pullPolicy: Always
+
+config:
+ # config is using kubebuilder config framework, it may look like this is a crd but its not, see https://book.kubebuilder.io/component-config-tutorial/tutorial.html
+ apiVersion: config.securecodebox.io/v1
+ kind: AutoDiscoveryConfig
+
+ cluster:
+ name: docker-desktop
+ resourceInclusion:
+ mode: enabled-per-namespace
+
+ serviceAutoDiscovery:
+ # -- interval in which every service is re-checked for updated pods, if service object is updated directly this the service will get reconciled immediately
+ passiveReconcileInterval: 1m
+ scanConfig:
+ # -- scanType used for the scans created by the serviceAutoDiscovery
+ scanType: zap-advanced-scan
+ # -- parameters used for the scans created by the serviceAutoDiscovery
+ parameters:
+ - "-t"
+ - "{{ .Host.Type }}://{{ .Service.Name }}.{{ .Service.Namespace }}.svc:{{ .Host.Port }}"
+ # -- interval in which scans are automatically repeated. If the target is updated (meaning a new image revision is deployed) the scan will repeated beforehand and the interval is reset.
+ repeatInterval: "168h"
+ # -- labels to be added to the scans started by the auto-discovery
+ labels: {}
+ # -- annotations to be added to the scans started by the auto-discovery
+ annotations:
+ defectdojo.securecodebox.io/product-name: "{{ .Cluster.Name }} | {{ .Namespace.Name }} | {{ .Target.Name }}"
+ defectdojo.securecodebox.io/product-tags: "cluster/{{ .Cluster.Name }},namespace/{{ .Namespace.Name }}"
+ defectdojo.securecodebox.io/engagement-name: "{{ .Target.Name }}"
+ defectdojo.securecodebox.io/engagement-version: "{{if (index .Target.Labels `app.kubernetes.io/version`) }}{{ index .Target.Labels `app.kubernetes.io/version` }}{{end}}"
+ health:
+ healthProbeBindAddress: :8081
+ metrics:
+ bindAddress: 127.0.0.1:8080
+ leaderElection:
+ leaderElect: true
+ resourceName: 0e41a1f4.securecodebox.io
+
+# -- Sets the securityContext on the operators container level. See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+securityContext:
+ # securityContext.runAsNonRoot -- Enforces that the Operator image is run as a non root user
+ runAsNonRoot: true
+ # securityContext.readOnlyRootFilesystem -- Prevents write access to the containers file system
+ readOnlyRootFilesystem: true
+ # securityContext.allowPrivilegeEscalation -- Ensure that users privileges cannot be escalated
+ allowPrivilegeEscalation: false
+ # securityContext.privileged -- Ensures that the operator container is not run in privileged mode
+ privileged: false
+ capabilities:
+ drop:
+ # securityContext.capabilities.drop[0] -- This drops all linux privileges from the operator container. They are not required
+ - all
+
+# -- Sets the securityContext on the operators pod level. See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+podSecurityContext: {}
+
+# resources -- CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/)
+resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 100m
+ memory: 20Mi
\ No newline at end of file
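Review bot: `capabilities.drop` lists `all` in lower case, which container runtimes generally accept. As far as I know, though, the Pod Security Standards "restricted" check matches the literal `ALL`, so the default pod could be rejected in a namespace that enforces that profile; `- ALL` is the safer spelling. The two reference links are swapped: the comment on the container-level `securityContext` points at `#set-the-security-context-for-a-pod`, and the one on `podSecurityContext` points at `#set-the-security-context-for-a-container`. With `runAsNonRoot: true` and no `runAsUser` in either context, the chart relies on the image declaring a numeric non-root user, which is worth stating in the comment on `runAsNonRoot`.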
diff --git a/auto-discovery/readme.md b/auto-discovery/readme.md
new file mode 100644
index 0000000000..fe6afd358f
--- /dev/null
+++ b/auto-discovery/readme.md
@@ -0,0 +1,20 @@
+
+
+# secureCodeBox Auto-Discovery
+
+The Auto Discovery Services monitor security relevant resources inside a cloud environment and automatically create scans to continuously monitor security aspects of the resources. We aim to eventually support most mayor cloud providers, like AWS, GCP and Azure, but also runtime environments on top of these, primarily kubernetes.
+
+## Example
+
+A developer deploys an app to a kubernetes cluster where the secureCodeBox and the kubernetes cloud integration for the secureCodeBox is installed. They create an Deployment for their application container and a Ingress to expose the application to the world.
+
+The kubernetes cloud integration service will automatically detect these new resources and start scans for them.
+The scans it would start:
+
+1. A image scan scanning for vulnerable libraries in the docker / container image of the deployment. (Using trivy)
+2. A TLS scan against the certificate of the ingress for the host. (Using SSLyze)
+3. A ZAP scan to detect basic web vulnerabilities in the service. (Using OWASP ZAP)
diff --git a/bin/add-license-header.sh b/bin/add-license-header.sh
index ebc20a113a..08db9d6ede 100755
--- a/bin/add-license-header.sh
+++ b/bin/add-license-header.sh
@@ -36,7 +36,7 @@ fi
for file in $FILES; do
echo "Adding HEADER to file: $file"
- reuse addheader \
+ docker run --rm --volume $(pwd):/data fsfe/reuse addheader \
--copyright "iteratec GmbH" \
--year 2021 \
--license "Apache-2.0" \
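Review bot: The new `docker run` line pulls `fsfe/reuse` without a tag or digest, so whatever image is currently published under the default tag gets read-write access to the whole working tree through `--volume $(pwd):/data`. Pinning the image (`fsfe/reuse:<pinned-version>`, placeholder) or referencing it by digest keeps the header tool reproducible and limits the supply-chain exposure. `$(pwd)` is unquoted and will split on a checkout path containing spaces; `--volume "$(pwd)":/data` fixes that. If the container runs as root, the rewritten files may end up root-owned on the host, which `--user "$(id -u):$(id -g)"` would avoid. The `for` loop body and the rest of the command continue outside this hunk.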
diff --git a/demo-targets/bodgeit/README.md b/demo-targets/bodgeit/README.md
index f8a1faa36c..c3452e7f65 100644
--- a/demo-targets/bodgeit/README.md
+++ b/demo-targets/bodgeit/README.md
@@ -15,12 +15,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ BodgeIt Store is a serverside rendering based html website without any heavy jav
*
## Deployment
-The bodgeit `scanType` can be deployed via helm:
+The bodgeit chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/demo-targets/bodgeit/docs/README.ArtifactHub.md b/demo-targets/bodgeit/docs/README.ArtifactHub.md
index 6276dfd269..948bf8b65e 100644
--- a/demo-targets/bodgeit/docs/README.ArtifactHub.md
+++ b/demo-targets/bodgeit/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -52,7 +52,7 @@ BodgeIt Store is a serverside rendering based html website without any heavy jav
*
## Deployment
-The bodgeit `scanType` can be deployed via helm:
+The bodgeit chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/demo-targets/bodgeit/docs/README.DockerHub-Target.md b/demo-targets/bodgeit/docs/README.DockerHub-Target.md
index c233c5a426..456a7bf304 100644
--- a/demo-targets/bodgeit/docs/README.DockerHub-Target.md
+++ b/demo-targets/bodgeit/docs/README.DockerHub-Target.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+This image is a potentially vulnerable service or application which is used for demo purposes, automated tests and trainings.
```bash
docker pull securecodebox/bodgeit
diff --git a/demo-targets/dummy-ssh/README.md b/demo-targets/dummy-ssh/README.md
index 242d19359d..0b79e6890d 100644
--- a/demo-targets/dummy-ssh/README.md
+++ b/demo-targets/dummy-ssh/README.md
@@ -15,12 +15,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -48,7 +48,7 @@ There are also vulnerable credentials which can be identified via bruteforcing:
*
## Deployment
-The dummy-ssh `scanType` can be deployed via helm:
+The dummy-ssh chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/demo-targets/dummy-ssh/docs/README.ArtifactHub.md b/demo-targets/dummy-ssh/docs/README.ArtifactHub.md
index cf681cb2a9..4fa0c3704e 100644
--- a/demo-targets/dummy-ssh/docs/README.ArtifactHub.md
+++ b/demo-targets/dummy-ssh/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -55,7 +55,7 @@ There are also vulnerable credentials which can be identified via bruteforcing:
*
## Deployment
-The dummy-ssh `scanType` can be deployed via helm:
+The dummy-ssh chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/demo-targets/dummy-ssh/docs/README.DockerHub-Target.md b/demo-targets/dummy-ssh/docs/README.DockerHub-Target.md
index 146c53a923..cfda4ff27d 100644
--- a/demo-targets/dummy-ssh/docs/README.DockerHub-Target.md
+++ b/demo-targets/dummy-ssh/docs/README.DockerHub-Target.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+This image is a potentially vulnerable service or application which is used for demo purposes, automated tests and trainings.
```bash
docker pull securecodebox/dummy-ssh
diff --git a/demo-targets/http-webhook/README.md b/demo-targets/http-webhook/README.md
index e8c511c428..18fd0053f6 100644
--- a/demo-targets/http-webhook/README.md
+++ b/demo-targets/http-webhook/README.md
@@ -15,12 +15,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -42,7 +42,7 @@ A Dummy webserver to echo HTTP requests in log.
*
## Deployment
-The http-webhook `scanType` can be deployed via helm:
+The http-webhook chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/demo-targets/http-webhook/docs/README.ArtifactHub.md b/demo-targets/http-webhook/docs/README.ArtifactHub.md
index 476ea9bb7a..185e0119db 100644
--- a/demo-targets/http-webhook/docs/README.ArtifactHub.md
+++ b/demo-targets/http-webhook/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -49,7 +49,7 @@ A Dummy webserver to echo HTTP requests in log.
*
## Deployment
-The http-webhook `scanType` can be deployed via helm:
+The http-webhook chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/demo-targets/http-webhook/docs/README.DockerHub-Target.md b/demo-targets/http-webhook/docs/README.DockerHub-Target.md
index 3b78d077d8..5018a399b9 100644
--- a/demo-targets/http-webhook/docs/README.DockerHub-Target.md
+++ b/demo-targets/http-webhook/docs/README.DockerHub-Target.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+This image is a potentially vulnerable service or application which is used for demo purposes, automated tests and trainings.
```bash
docker pull securecodebox/http-webhook
diff --git a/demo-targets/juice-shop/README.md b/demo-targets/juice-shop/README.md
index 51ec12c56b..91853096b5 100644
--- a/demo-targets/juice-shop/README.md
+++ b/demo-targets/juice-shop/README.md
@@ -15,12 +15,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ OWASP Juice Shop: Probably the most modern and sophisticated insecure web applic
*
## Deployment
-The juice-shop `scanType` can be deployed via helm:
+The juice-shop chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/demo-targets/juice-shop/docs/README.ArtifactHub.md b/demo-targets/juice-shop/docs/README.ArtifactHub.md
index 92d62babfc..cb108f7bbd 100644
--- a/demo-targets/juice-shop/docs/README.ArtifactHub.md
+++ b/demo-targets/juice-shop/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -52,7 +52,7 @@ OWASP Juice Shop: Probably the most modern and sophisticated insecure web applic
*
## Deployment
-The juice-shop `scanType` can be deployed via helm:
+The juice-shop chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/demo-targets/juice-shop/docs/README.DockerHub-Target.md b/demo-targets/juice-shop/docs/README.DockerHub-Target.md
index 90d65fab18..2ec85baa8e 100644
--- a/demo-targets/juice-shop/docs/README.DockerHub-Target.md
+++ b/demo-targets/juice-shop/docs/README.DockerHub-Target.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+This image is a potentially vulnerable service or application which is used for demo purposes, automated tests and trainings.
```bash
docker pull securecodebox/juice-shop
diff --git a/demo-targets/old-wordpress/README.md b/demo-targets/old-wordpress/README.md
index a40a2325d1..13897cfedc 100644
--- a/demo-targets/old-wordpress/README.md
+++ b/demo-targets/old-wordpress/README.md
@@ -15,12 +15,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -42,7 +42,7 @@ Insecure & Outdated WordPress Instance: Never expose it to the internet!
*
## Deployment
-The old-wordpress `scanType` can be deployed via helm:
+The old-wordpress chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/demo-targets/old-wordpress/docs/README.ArtifactHub.md b/demo-targets/old-wordpress/docs/README.ArtifactHub.md
index 49d124bce3..e4fc9cc56b 100644
--- a/demo-targets/old-wordpress/docs/README.ArtifactHub.md
+++ b/demo-targets/old-wordpress/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -49,7 +49,7 @@ Insecure & Outdated WordPress Instance: Never expose it to the internet!
*
## Deployment
-The old-wordpress `scanType` can be deployed via helm:
+The old-wordpress chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/demo-targets/old-wordpress/docs/README.DockerHub-Target.md b/demo-targets/old-wordpress/docs/README.DockerHub-Target.md
index 76467d4dce..ba16e071be 100644
--- a/demo-targets/old-wordpress/docs/README.DockerHub-Target.md
+++ b/demo-targets/old-wordpress/docs/README.DockerHub-Target.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+This image is a potentially vulnerable service or application which is used for demo purposes, automated tests and trainings.
```bash
docker pull securecodebox/old-wordpress
diff --git a/demo-targets/swagger-petstore/README.md b/demo-targets/swagger-petstore/README.md
index 7a4cab5fd1..de4ac9508f 100644
--- a/demo-targets/swagger-petstore/README.md
+++ b/demo-targets/swagger-petstore/README.md
@@ -15,12 +15,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -43,7 +43,7 @@ This is the sample petstore application with a restful API.
*
## Deployment
-The swagger-petstore `scanType` can be deployed via helm:
+The swagger-petstore chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/demo-targets/swagger-petstore/docs/README.ArtifactHub.md b/demo-targets/swagger-petstore/docs/README.ArtifactHub.md
index ea0bde90e2..79d0d58c61 100644
--- a/demo-targets/swagger-petstore/docs/README.ArtifactHub.md
+++ b/demo-targets/swagger-petstore/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -50,7 +50,7 @@ This is the sample petstore application with a restful API.
*
## Deployment
-The swagger-petstore `scanType` can be deployed via helm:
+The swagger-petstore chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/demo-targets/swagger-petstore/docs/README.DockerHub-Target.md b/demo-targets/swagger-petstore/docs/README.DockerHub-Target.md
index 3ae2192075..0d0573cec9 100644
--- a/demo-targets/swagger-petstore/docs/README.DockerHub-Target.md
+++ b/demo-targets/swagger-petstore/docs/README.DockerHub-Target.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+This image is a potentially vulnerable service or application which is used for demo purposes, automated tests and trainings.
```bash
docker pull securecodebox/swagger-petstore
diff --git a/demo-targets/unsafe-https/README.md b/demo-targets/unsafe-https/README.md
index f0d667421d..f803093afb 100644
--- a/demo-targets/unsafe-https/README.md
+++ b/demo-targets/unsafe-https/README.md
@@ -15,12 +15,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -44,7 +44,7 @@ which contains both private and public key and is not authorized by a third part
*
## Deployment
-The unsafe-https `scanType` can be deployed via helm:
+The unsafe-https chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/demo-targets/unsafe-https/docs/README.ArtifactHub.md b/demo-targets/unsafe-https/docs/README.ArtifactHub.md
index 23615e520a..b8bade370d 100644
--- a/demo-targets/unsafe-https/docs/README.ArtifactHub.md
+++ b/demo-targets/unsafe-https/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -51,7 +51,7 @@ which contains both private and public key and is not authorized by a third part
*
## Deployment
-The unsafe-https `scanType` can be deployed via helm:
+The unsafe-https chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/demo-targets/unsafe-https/docs/README.DockerHub-Target.md b/demo-targets/unsafe-https/docs/README.DockerHub-Target.md
index 9a18ece71b..7bc3df3282 100644
--- a/demo-targets/unsafe-https/docs/README.DockerHub-Target.md
+++ b/demo-targets/unsafe-https/docs/README.DockerHub-Target.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+This image is a potentially vulnerable service or application which is used for demo purposes, automated tests and trainings.
```bash
docker pull securecodebox/unsafe-https
diff --git a/hooks/cascading-scans/README.md b/hooks/cascading-scans/README.md
index 6a1e67fcff..02694fe6ea 100644
--- a/hooks/cascading-scans/README.md
+++ b/hooks/cascading-scans/README.md
@@ -14,12 +14,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -40,7 +40,7 @@ The so called `CascadingRules` consist of a `matches` section which contains one
This Hook is based on the ADR https://github.com/secureCodeBox/secureCodeBox/blob/main/docs/adr/adr_0003.md
## Deployment
-The cascading-scans `scanType` can be deployed via helm:
+The cascading-scans chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/cascading-scans/docs/README.ArtifactHub.md b/hooks/cascading-scans/docs/README.ArtifactHub.md
index 03e2567738..5864840f2a 100644
--- a/hooks/cascading-scans/docs/README.ArtifactHub.md
+++ b/hooks/cascading-scans/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -48,7 +48,7 @@ The so called `CascadingRules` consist of a `matches` section which contains one
This Hook is based on the ADR https://github.com/secureCodeBox/secureCodeBox/blob/main/docs/adr/adr_0003.md
## Deployment
-The cascading-scans `scanType` can be deployed via helm:
+The cascading-scans chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/cascading-scans/docs/README.DockerHub-Hook.md b/hooks/cascading-scans/docs/README.DockerHub-Hook.md
index f96f72220b..0700143c5c 100644
--- a/hooks/cascading-scans/docs/README.DockerHub-Hook.md
+++ b/hooks/cascading-scans/docs/README.DockerHub-Hook.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/cascading-scans].
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/cascading-scans].
```bash
docker pull securecodebox/hook-cascading-scans
diff --git a/hooks/finding-post-processing/README.md b/hooks/finding-post-processing/README.md
index 89693aac6a..fb364b8a93 100644
--- a/hooks/finding-post-processing/README.md
+++ b/hooks/finding-post-processing/README.md
@@ -14,12 +14,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -37,7 +37,7 @@ Installing the _Finding Post Processing_ hook will add a ReadAndWrite Hook to yo
which can be used to add or update fields from your findings meeting specified conditions.
## Deployment
-The finding-post-processing `scanType` can be deployed via helm:
+The finding-post-processing chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/finding-post-processing/docs/README.ArtifactHub.md b/hooks/finding-post-processing/docs/README.ArtifactHub.md
index 9efd554e39..62835f2694 100644
--- a/hooks/finding-post-processing/docs/README.ArtifactHub.md
+++ b/hooks/finding-post-processing/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ Installing the _Finding Post Processing_ hook will add a ReadAndWrite Hook to yo
which can be used to add or update fields from your findings meeting specified conditions.
## Deployment
-The finding-post-processing `scanType` can be deployed via helm:
+The finding-post-processing chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/finding-post-processing/docs/README.DockerHub-Hook.md b/hooks/finding-post-processing/docs/README.DockerHub-Hook.md
index cd94f0e4d3..ccb7d797c5 100644
--- a/hooks/finding-post-processing/docs/README.DockerHub-Hook.md
+++ b/hooks/finding-post-processing/docs/README.DockerHub-Hook.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/finding-post-processing].
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/finding-post-processing].
```bash
docker pull securecodebox/hook-finding-post-processing
diff --git a/hooks/generic-webhook/README.md b/hooks/generic-webhook/README.md
index 75ffe561e6..cd3a587eaa 100644
--- a/hooks/generic-webhook/README.md
+++ b/hooks/generic-webhook/README.md
@@ -14,12 +14,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -36,7 +36,7 @@ Otherwise your changes will be reverted/overriden automaticaly due to the build
Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace which is capable of sending scan results containing `findings` to a given webhook url.
## Deployment
-The generic-webhook `scanType` can be deployed via helm:
+The generic-webhook chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/generic-webhook/docs/README.ArtifactHub.md b/hooks/generic-webhook/docs/README.ArtifactHub.md
index 74404aa940..1b422f1ec0 100644
--- a/hooks/generic-webhook/docs/README.ArtifactHub.md
+++ b/hooks/generic-webhook/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -44,7 +44,7 @@ You can find resources to help you get started on our [documentation website](ht
Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace which is capable of sending scan results containing `findings` to a given webhook url.
## Deployment
-The generic-webhook `scanType` can be deployed via helm:
+The generic-webhook chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/generic-webhook/docs/README.DockerHub-Hook.md b/hooks/generic-webhook/docs/README.DockerHub-Hook.md
index 280ada60a0..4e44ec0f40 100644
--- a/hooks/generic-webhook/docs/README.DockerHub-Hook.md
+++ b/hooks/generic-webhook/docs/README.DockerHub-Hook.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/generic-webhook].
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/generic-webhook].
```bash
docker pull securecodebox/hook-generic-webhook
diff --git a/hooks/notification/README.md b/hooks/notification/README.md
index 99d57f7b83..bb1518b253 100644
--- a/hooks/notification/README.md
+++ b/hooks/notification/README.md
@@ -14,12 +14,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -38,7 +38,7 @@ Installing the Notification WebHook hook will add a ReadOnly Hook to your namesp
You can customise the message templates on your behalf or use the already provided one.
## Deployment
-The notification `scanType` can be deployed via helm:
+The notification chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/notification/docs/README.ArtifactHub.md b/hooks/notification/docs/README.ArtifactHub.md
index 795c1aed92..f24495afae 100644
--- a/hooks/notification/docs/README.ArtifactHub.md
+++ b/hooks/notification/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -46,7 +46,7 @@ Installing the Notification WebHook hook will add a ReadOnly Hook to your namesp
You can customise the message templates on your behalf or use the already provided one.
## Deployment
-The notification `scanType` can be deployed via helm:
+The notification chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/notification/docs/README.DockerHub-Hook.md b/hooks/notification/docs/README.DockerHub-Hook.md
index 107aa46bd3..7799cf8124 100644
--- a/hooks/notification/docs/README.DockerHub-Hook.md
+++ b/hooks/notification/docs/README.DockerHub-Hook.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][].
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more information details please take a look at the [project page][scb-docs] or [documentation page][].
```bash
docker pull securecodebox/hook-notification
diff --git a/hooks/persistence-defectdojo/README.md b/hooks/persistence-defectdojo/README.md
index 76d8563215..47354a8d87 100644
--- a/hooks/persistence-defectdojo/README.md
+++ b/hooks/persistence-defectdojo/README.md
@@ -14,12 +14,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -87,7 +87,7 @@ java -jar build/libs/defectdojo-persistenceprovider-0.1.0-SNAPSHOT.jar https://g
```
## Deployment
-The persistence-defectdojo `scanType` can be deployed via helm:
+The persistence-defectdojo chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/persistence-defectdojo/docs/README.ArtifactHub.md b/hooks/persistence-defectdojo/docs/README.ArtifactHub.md
index 7fe4838f2f..20564b7a90 100644
--- a/hooks/persistence-defectdojo/docs/README.ArtifactHub.md
+++ b/hooks/persistence-defectdojo/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -95,7 +95,7 @@ java -jar build/libs/defectdojo-persistenceprovider-0.1.0-SNAPSHOT.jar https://g
```
## Deployment
-The persistence-defectdojo `scanType` can be deployed via helm:
+The persistence-defectdojo chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md b/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md
index 077a777617..df5dac643e 100644
--- a/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md
+++ b/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/defectdojo].
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/defectdojo].
```bash
docker pull securecodebox/hook-persistence-defectdojo
diff --git a/hooks/persistence-elastic/README.md b/hooks/persistence-elastic/README.md
index 93c207619c..e8e0b8da0a 100644
--- a/hooks/persistence-elastic/README.md
+++ b/hooks/persistence-elastic/README.md
@@ -14,12 +14,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -38,7 +38,7 @@ The ElasticSearch persistenceProvider hook saves all findings and reports into t
Installing the Elasticsearch persistenceProvider hook will add a _ReadOnly Hook_ to your namespace.
## Deployment
-The persistence-elastic `scanType` can be deployed via helm:
+The persistence-elastic chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/persistence-elastic/docs/README.ArtifactHub.md b/hooks/persistence-elastic/docs/README.ArtifactHub.md
index 44cae4de7c..f78385b55a 100644
--- a/hooks/persistence-elastic/docs/README.ArtifactHub.md
+++ b/hooks/persistence-elastic/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -46,7 +46,7 @@ The ElasticSearch persistenceProvider hook saves all findings and reports into t
Installing the Elasticsearch persistenceProvider hook will add a _ReadOnly Hook_ to your namespace.
## Deployment
-The persistence-elastic `scanType` can be deployed via helm:
+The persistence-elastic chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/persistence-elastic/docs/README.DockerHub-Hook.md b/hooks/persistence-elastic/docs/README.DockerHub-Hook.md
index 90e661404d..5aa22b357b 100644
--- a/hooks/persistence-elastic/docs/README.DockerHub-Hook.md
+++ b/hooks/persistence-elastic/docs/README.DockerHub-Hook.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/elasticsearch].
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/elasticsearch].
```bash
docker pull securecodebox/hook-persistence-elastic
diff --git a/hooks/teams-webhook/README.md b/hooks/teams-webhook/README.md
index 46df93835e..948599d8bd 100644
--- a/hooks/teams-webhook/README.md
+++ b/hooks/teams-webhook/README.md
@@ -14,12 +14,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -36,7 +36,7 @@ Otherwise your changes will be reverted/overriden automaticaly due to the build
> 🔧 This chart is deprecated and will be replaced by the more general `notification-hook` soon
## Deployment
-The teams-webhook `scanType` can be deployed via helm:
+The teams-webhook chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/teams-webhook/docs/README.ArtifactHub.md b/hooks/teams-webhook/docs/README.ArtifactHub.md
index 1627d29870..1e0650fa3c 100644
--- a/hooks/teams-webhook/docs/README.ArtifactHub.md
+++ b/hooks/teams-webhook/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -44,7 +44,7 @@ You can find resources to help you get started on our [documentation website](ht
> 🔧 This chart is deprecated and will be replaced by the more general `notification-hook` soon
## Deployment
-The teams-webhook `scanType` can be deployed via helm:
+The teams-webhook chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/teams-webhook/docs/README.DockerHub-Hook.md b/hooks/teams-webhook/docs/README.DockerHub-Hook.md
index bd6d213294..d6382bf32e 100644
--- a/hooks/teams-webhook/docs/README.DockerHub-Hook.md
+++ b/hooks/teams-webhook/docs/README.DockerHub-Hook.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/ms-teams-webhook].
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/ms-teams-webhook].
```bash
docker pull securecodebox/hook-teams-webhook
diff --git a/hooks/update-field/README.md b/hooks/update-field/README.md
index 82bde6330e..1b84f04795 100644
--- a/hooks/update-field/README.md
+++ b/hooks/update-field/README.md
@@ -14,12 +14,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -37,7 +37,7 @@ Otherwise your changes will be reverted/overriden automaticaly due to the build
> ✍ This documentation is currently work-in-progress.
## Deployment
-The update-field-hook `scanType` can be deployed via helm:
+The update-field-hook chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/update-field/docs/README.ArtifactHub.md b/hooks/update-field/docs/README.ArtifactHub.md
index 8ef1e2637d..d828d7c39e 100644
--- a/hooks/update-field/docs/README.ArtifactHub.md
+++ b/hooks/update-field/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
> ✍ This documentation is currently work-in-progress.
## Deployment
-The update-field-hook `scanType` can be deployed via helm:
+The update-field-hook chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/hooks/update-field/docs/README.DockerHub-Hook.md b/hooks/update-field/docs/README.DockerHub-Hook.md
index ea532bcc41..17109c816e 100644
--- a/hooks/update-field/docs/README.DockerHub-Hook.md
+++ b/hooks/update-field/docs/README.DockerHub-Hook.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][].
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more information details please take a look at the [project page][scb-docs] or [documentation page][].
```bash
docker pull securecodebox/hook-update-field-hook
diff --git a/operator/.helm-docs.gotmpl b/operator/.helm-docs.gotmpl
index e149f92ffd..f6419bf791 100644
--- a/operator/.helm-docs.gotmpl
+++ b/operator/.helm-docs.gotmpl
@@ -11,7 +11,7 @@ category: "core"
type: "Operator"
state: "released"
appVersion: "{{ template "chart.appVersion" . }}"
-usecase: "secureCodeBox Operator is the core componente."
+usecase: "secureCodeBox Operator is the core component."
---

diff --git a/operator/README.md b/operator/README.md
index 105994d75a..efea7d4d3f 100644
--- a/operator/README.md
+++ b/operator/README.md
@@ -4,7 +4,7 @@ category: "core"
type: "Operator"
state: "released"
appVersion: ""
-usecase: "secureCodeBox Operator is the core componente."
+usecase: "secureCodeBox Operator is the core component."
---

@@ -17,12 +17,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -41,7 +41,7 @@ The secureCodeBox operator is running on Kubernetes and is the core component of
**Homepage:**
## Deployment
-The operator `scanType` can be deployed via helm:
+The operator chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/operator/docs/README.ArtifactHub.md b/operator/docs/README.ArtifactHub.md
index d37ff8157f..7da3f2d290 100644
--- a/operator/docs/README.ArtifactHub.md
+++ b/operator/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -46,7 +46,7 @@ The secureCodeBox operator is running on Kubernetes and is the core component of
**Homepage:**
## Deployment
-The operator `scanType` can be deployed via helm:
+The operator chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/operator/docs/README.DockerHub-Core.md b/operator/docs/README.DockerHub-Core.md
index 416c3a30b2..855669c989 100644
--- a/operator/docs/README.DockerHub-Core.md
+++ b/operator/docs/README.DockerHub-Core.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `core` image is intended to work in combination with the OWASP secureCodeBox. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/getting-started/installation.
+This `core` image is intended to work in combination with the OWASP secureCodeBox. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/getting-started/installation.
```bash
docker pull securecodebox/operator
diff --git a/scanners/amass/README.md b/scanners/amass/README.md
index 5ab4d79d0e..be7521c0f3 100644
--- a/scanners/amass/README.md
+++ b/scanners/amass/README.md
@@ -17,12 +17,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -40,7 +40,7 @@ Otherwise your changes will be reverted/overriden automaticaly due to the build
The [OWASP Amass Project][owasp_amass_project] has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP Amass Project][owasp_amass_project] or [Amass GitHub].
## Deployment
-The amass `scanType` can be deployed via helm:
+The amass chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/amass/docs/README.ArtifactHub.md b/scanners/amass/docs/README.ArtifactHub.md
index a467bde1ad..ca2a2f6a86 100644
--- a/scanners/amass/docs/README.ArtifactHub.md
+++ b/scanners/amass/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
The [OWASP Amass Project][owasp_amass_project] has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP Amass Project][owasp_amass_project] or [Amass GitHub].
## Deployment
-The amass `scanType` can be deployed via helm:
+The amass chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/amass/docs/README.DockerHub-Parser.md b/scanners/amass/docs/README.DockerHub-Parser.md
index 55b8420063..7d758e9e80 100644
--- a/scanners/amass/docs/README.DockerHub-Parser.md
+++ b/scanners/amass/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/Amass.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/Amass.
```bash
docker pull securecodebox/parser-amass
diff --git a/scanners/angularjs-csti-scanner/README.md b/scanners/angularjs-csti-scanner/README.md
index 160f88c4e2..fa85056d61 100644
--- a/scanners/angularjs-csti-scanner/README.md
+++ b/scanners/angularjs-csti-scanner/README.md
@@ -17,12 +17,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -43,7 +43,7 @@ finding possible template injection vulnerabilities on websites using AngularJS.
For more information visit the projects [GitHub site][acstis-github].
## Deployment
-The angularjs-csti-scanner `scanType` can be deployed via helm:
+The angularjs-csti-scanner chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/angularjs-csti-scanner/docs/README.ArtifactHub.md b/scanners/angularjs-csti-scanner/docs/README.ArtifactHub.md
index f388954a6e..389e36e4e8 100644
--- a/scanners/angularjs-csti-scanner/docs/README.ArtifactHub.md
+++ b/scanners/angularjs-csti-scanner/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -48,7 +48,7 @@ finding possible template injection vulnerabilities on websites using AngularJS.
For more information visit the projects [GitHub site][acstis-github].
## Deployment
-The angularjs-csti-scanner `scanType` can be deployed via helm:
+The angularjs-csti-scanner chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/angularjs-csti-scanner/docs/README.DockerHub-Parser.md b/scanners/angularjs-csti-scanner/docs/README.DockerHub-Parser.md
index ea1cdf2a4a..9325204996 100644
--- a/scanners/angularjs-csti-scanner/docs/README.DockerHub-Parser.md
+++ b/scanners/angularjs-csti-scanner/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `3.0.6`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/angularjs-csti-scanner.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/angularjs-csti-scanner.
```bash
docker pull securecodebox/parser-angularjs-csti-scanner
diff --git a/scanners/angularjs-csti-scanner/docs/README.DockerHub-Scanner.md b/scanners/angularjs-csti-scanner/docs/README.DockerHub-Scanner.md
index ae7b58df98..0995af9eb6 100644
--- a/scanners/angularjs-csti-scanner/docs/README.DockerHub-Scanner.md
+++ b/scanners/angularjs-csti-scanner/docs/README.DockerHub-Scanner.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `3.0.6`
## How to use this image
-This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/angularjs-csti-scanner].
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/angularjs-csti-scanner].
```bash
docker pull securecodebox/scanner-angularjs-csti-scanner
diff --git a/scanners/git-repo-scanner/README.md b/scanners/git-repo-scanner/README.md
index 535a90a5ed..d54d789128 100644
--- a/scanners/git-repo-scanner/README.md
+++ b/scanners/git-repo-scanner/README.md
@@ -15,12 +15,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -40,7 +40,7 @@ is to provide a cascading input for the [gitleaks](https://github.com/secureCode
scanner.
## Deployment
-The git-repo-scanner `scanType` can be deployed via helm:
+The git-repo-scanner chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/git-repo-scanner/docs/README.ArtifactHub.md b/scanners/git-repo-scanner/docs/README.ArtifactHub.md
index 2f98f55a08..7c297be4b6 100644
--- a/scanners/git-repo-scanner/docs/README.ArtifactHub.md
+++ b/scanners/git-repo-scanner/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -47,7 +47,7 @@ is to provide a cascading input for the [gitleaks](https://github.com/secureCode
scanner.
## Deployment
-The git-repo-scanner `scanType` can be deployed via helm:
+The git-repo-scanner chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/git-repo-scanner/docs/README.DockerHub-Parser.md b/scanners/git-repo-scanner/docs/README.DockerHub-Parser.md
index fc0c9ebec9..35665e3fe8 100644
--- a/scanners/git-repo-scanner/docs/README.DockerHub-Parser.md
+++ b/scanners/git-repo-scanner/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/git-repo-scanner.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/git-repo-scanner.
```bash
docker pull securecodebox/parser-git-repo-scanner
diff --git a/scanners/git-repo-scanner/docs/README.DockerHub-Scanner.md b/scanners/git-repo-scanner/docs/README.DockerHub-Scanner.md
index 94dedac6e4..2b961faa36 100644
--- a/scanners/git-repo-scanner/docs/README.DockerHub-Scanner.md
+++ b/scanners/git-repo-scanner/docs/README.DockerHub-Scanner.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/git-repo-scanner].
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/git-repo-scanner].
```bash
docker pull securecodebox/scanner-git-repo-scanner
diff --git a/scanners/gitleaks/README.md b/scanners/gitleaks/README.md
index bf32daf165..0f1e4ed1e7 100644
--- a/scanners/gitleaks/README.md
+++ b/scanners/gitleaks/README.md
@@ -17,12 +17,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -44,7 +44,7 @@ with all commits up to the initial one.
To learn more about gitleaks visit .
## Deployment
-The gitleaks `scanType` can be deployed via helm:
+The gitleaks chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/gitleaks/docs/README.ArtifactHub.md b/scanners/gitleaks/docs/README.ArtifactHub.md
index 8130c6cc4e..175c485e78 100644
--- a/scanners/gitleaks/docs/README.ArtifactHub.md
+++ b/scanners/gitleaks/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -49,7 +49,7 @@ with all commits up to the initial one.
To learn more about gitleaks visit .
## Deployment
-The gitleaks `scanType` can be deployed via helm:
+The gitleaks chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/gitleaks/docs/README.DockerHub-Parser.md b/scanners/gitleaks/docs/README.DockerHub-Parser.md
index c81e214566..458d508060 100644
--- a/scanners/gitleaks/docs/README.DockerHub-Parser.md
+++ b/scanners/gitleaks/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `v7.5.0`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/gitleaks.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/gitleaks.
```bash
docker pull securecodebox/parser-gitleaks
diff --git a/scanners/gitleaks/docs/README.DockerHub-Scanner.md b/scanners/gitleaks/docs/README.DockerHub-Scanner.md
index d51058dd63..efcf90e0ec 100644
--- a/scanners/gitleaks/docs/README.DockerHub-Scanner.md
+++ b/scanners/gitleaks/docs/README.DockerHub-Scanner.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `v7.5.0`
## How to use this image
-This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/gitleaks].
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/gitleaks].
```bash
docker pull securecodebox/scanner-gitleaks
diff --git a/scanners/kube-hunter/README.md b/scanners/kube-hunter/README.md
index 16751da443..3691743047 100644
--- a/scanners/kube-hunter/README.md
+++ b/scanners/kube-hunter/README.md
@@ -15,12 +15,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -39,7 +39,7 @@ kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was d
To learn more about the kube-hunter scanner itself visit [kube-hunter GitHub] or [kube-hunter Website].
## Deployment
-The kube-hunter `scanType` can be deployed via helm:
+The kube-hunter chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/kube-hunter/docs/README.ArtifactHub.md b/scanners/kube-hunter/docs/README.ArtifactHub.md
index 50c7f093be..d560f06c37 100644
--- a/scanners/kube-hunter/docs/README.ArtifactHub.md
+++ b/scanners/kube-hunter/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -46,7 +46,7 @@ kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was d
To learn more about the kube-hunter scanner itself visit [kube-hunter GitHub] or [kube-hunter Website].
## Deployment
-The kube-hunter `scanType` can be deployed via helm:
+The kube-hunter chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/kube-hunter/docs/README.DockerHub-Parser.md b/scanners/kube-hunter/docs/README.DockerHub-Parser.md
index b7b9c231be..554661013c 100644
--- a/scanners/kube-hunter/docs/README.DockerHub-Parser.md
+++ b/scanners/kube-hunter/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `0.4.1`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/kube-hunter.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/kube-hunter.
```bash
docker pull securecodebox/parser-kube-hunter
diff --git a/scanners/kube-hunter/docs/README.DockerHub-Scanner.md b/scanners/kube-hunter/docs/README.DockerHub-Scanner.md
index e59338aa8f..55c7c830a1 100644
--- a/scanners/kube-hunter/docs/README.DockerHub-Scanner.md
+++ b/scanners/kube-hunter/docs/README.DockerHub-Scanner.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `0.4.1`
## How to use this image
-This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/kube-hunter].
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/kube-hunter].
```bash
docker pull securecodebox/scanner-kube-hunter
diff --git a/scanners/kubeaudit/README.md b/scanners/kubeaudit/README.md
index ae58160413..bab4306786 100644
--- a/scanners/kubeaudit/README.md
+++ b/scanners/kubeaudit/README.md
@@ -15,12 +15,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -42,7 +42,7 @@ You can find the complete list of [auditors here](https://github.com/Shopify/kub
To learn more about the kubeaudit itself visit [kubeaudit GitHub].
## Deployment
-The kubeaudit `scanType` can be deployed via helm:
+The kubeaudit chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/kubeaudit/docs/README.ArtifactHub.md b/scanners/kubeaudit/docs/README.ArtifactHub.md
index 357268d6a4..eb9b12cda7 100644
--- a/scanners/kubeaudit/docs/README.ArtifactHub.md
+++ b/scanners/kubeaudit/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -49,7 +49,7 @@ You can find the complete list of [auditors here](https://github.com/Shopify/kub
To learn more about the kubeaudit itself visit [kubeaudit GitHub].
## Deployment
-The kubeaudit `scanType` can be deployed via helm:
+The kubeaudit chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/kubeaudit/docs/README.DockerHub-Parser.md b/scanners/kubeaudit/docs/README.DockerHub-Parser.md
index 1bdb0b38b7..e2b445ec81 100644
--- a/scanners/kubeaudit/docs/README.DockerHub-Parser.md
+++ b/scanners/kubeaudit/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `v0.14.1`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/kubeaudit.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/kubeaudit.
```bash
docker pull securecodebox/parser-kubeaudit
diff --git a/scanners/kubeaudit/docs/README.DockerHub-Scanner.md b/scanners/kubeaudit/docs/README.DockerHub-Scanner.md
index 6aa6fee316..88c5c0a5c3 100644
--- a/scanners/kubeaudit/docs/README.DockerHub-Scanner.md
+++ b/scanners/kubeaudit/docs/README.DockerHub-Scanner.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `v0.14.1`
## How to use this image
-This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/kubeaudit].
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/kubeaudit].
```bash
docker pull securecodebox/scanner-kubeaudit
diff --git a/scanners/ncrack/README.md b/scanners/ncrack/README.md
index 55b5d9576c..2150fc9ad7 100644
--- a/scanners/ncrack/README.md
+++ b/scanners/ncrack/README.md
@@ -15,12 +15,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -39,7 +39,7 @@ Ncrack is a high-speed network authentication cracking tool. It was built to hel
To learn more about the Ncrack scanner itself visit [Ncrack GitHub] or [Ncrack Website].
## Deployment
-The ncrack `scanType` can be deployed via helm:
+The ncrack chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/ncrack/docs/README.ArtifactHub.md b/scanners/ncrack/docs/README.ArtifactHub.md
index faffaf0631..79b1473c5a 100644
--- a/scanners/ncrack/docs/README.ArtifactHub.md
+++ b/scanners/ncrack/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -46,7 +46,7 @@ Ncrack is a high-speed network authentication cracking tool. It was built to hel
To learn more about the Ncrack scanner itself visit [Ncrack GitHub] or [Ncrack Website].
## Deployment
-The ncrack `scanType` can be deployed via helm:
+The ncrack chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/ncrack/docs/README.DockerHub-Parser.md b/scanners/ncrack/docs/README.DockerHub-Parser.md
index 22df3d29b2..ba9e2dd29c 100644
--- a/scanners/ncrack/docs/README.DockerHub-Parser.md
+++ b/scanners/ncrack/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `0.7`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/Ncrack.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/Ncrack.
```bash
docker pull securecodebox/parser-ncrack
diff --git a/scanners/ncrack/docs/README.DockerHub-Scanner.md b/scanners/ncrack/docs/README.DockerHub-Scanner.md
index 3478150b72..34529a6dc3 100644
--- a/scanners/ncrack/docs/README.DockerHub-Scanner.md
+++ b/scanners/ncrack/docs/README.DockerHub-Scanner.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `0.7`
## How to use this image
-This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/Ncrack].
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/Ncrack].
```bash
docker pull securecodebox/scanner-ncrack
diff --git a/scanners/nikto/README.md b/scanners/nikto/README.md
index 0bbe76a47b..baa3eb9ad7 100644
--- a/scanners/nikto/README.md
+++ b/scanners/nikto/README.md
@@ -17,12 +17,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -39,7 +39,7 @@ Otherwise your changes will be reverted/overriden automaticaly due to the build
Nikto is a free software command-line vulnerability scanner that scans webservers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server type specific checks. It also captures and prints any cookies received. To learn more about the Nikto scanner itself visit [cirt.net] or [Nikto GitHub].
## Deployment
-The nikto `scanType` can be deployed via helm:
+The nikto chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/nikto/docs/README.ArtifactHub.md b/scanners/nikto/docs/README.ArtifactHub.md
index d66e66716b..764909d5e6 100644
--- a/scanners/nikto/docs/README.ArtifactHub.md
+++ b/scanners/nikto/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -44,7 +44,7 @@ You can find resources to help you get started on our [documentation website](ht
Nikto is a free software command-line vulnerability scanner that scans webservers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server type specific checks. It also captures and prints any cookies received. To learn more about the Nikto scanner itself visit [cirt.net] or [Nikto GitHub].
## Deployment
-The nikto `scanType` can be deployed via helm:
+The nikto chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/nikto/docs/README.DockerHub-Parser.md b/scanners/nikto/docs/README.DockerHub-Parser.md
index 747925bf3e..4c3a2782d9 100644
--- a/scanners/nikto/docs/README.DockerHub-Parser.md
+++ b/scanners/nikto/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.1.6`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/Nikto.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/Nikto.
```bash
docker pull securecodebox/parser-nikto
diff --git a/scanners/nikto/docs/README.DockerHub-Scanner.md b/scanners/nikto/docs/README.DockerHub-Scanner.md
index fd2221adb3..efa60c0f54 100644
--- a/scanners/nikto/docs/README.DockerHub-Scanner.md
+++ b/scanners/nikto/docs/README.DockerHub-Scanner.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.1.6`
## How to use this image
-This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/Nikto].
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/Nikto].
```bash
docker pull securecodebox/scanner-nikto
diff --git a/scanners/nmap/README.md b/scanners/nmap/README.md
index e11a544ce7..83424a1ed8 100644
--- a/scanners/nmap/README.md
+++ b/scanners/nmap/README.md
@@ -17,12 +17,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -41,7 +41,7 @@ Nmap ("Network Mapper") is a free and open source (license) utility for network
To learn more about the Nmap scanner itself visit [nmap.org].
## Deployment
-The nmap `scanType` can be deployed via helm:
+The nmap chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/nmap/docs/README.ArtifactHub.md b/scanners/nmap/docs/README.ArtifactHub.md
index 1724019466..bab1e699c7 100644
--- a/scanners/nmap/docs/README.ArtifactHub.md
+++ b/scanners/nmap/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -46,7 +46,7 @@ Nmap ("Network Mapper") is a free and open source (license) utility for network
To learn more about the Nmap scanner itself visit [nmap.org].
## Deployment
-The nmap `scanType` can be deployed via helm:
+The nmap chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/nmap/docs/README.DockerHub-Parser.md b/scanners/nmap/docs/README.DockerHub-Parser.md
index 1a79c632b5..183e61679d 100644
--- a/scanners/nmap/docs/README.DockerHub-Parser.md
+++ b/scanners/nmap/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `7.91-r0`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/Nmap.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/Nmap.
```bash
docker pull securecodebox/parser-nmap
diff --git a/scanners/nmap/docs/README.DockerHub-Scanner.md b/scanners/nmap/docs/README.DockerHub-Scanner.md
index 16283f278b..29c76d5725 100644
--- a/scanners/nmap/docs/README.DockerHub-Scanner.md
+++ b/scanners/nmap/docs/README.DockerHub-Scanner.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `7.91-r0`
## How to use this image
-This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/Nmap].
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/Nmap].
```bash
docker pull securecodebox/scanner-nmap
diff --git a/scanners/screenshooter/README.md b/scanners/screenshooter/README.md
index d8e7ab95ff..5b8b489ce5 100644
--- a/scanners/screenshooter/README.md
+++ b/scanners/screenshooter/README.md
@@ -17,12 +17,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -40,7 +40,7 @@ Otherwise your changes will be reverted/overriden automaticaly due to the build
Screenshoter is a simple scanner that takes Screenshots of Websites. Therefore it's using an embeded Firefox Browser.
## Deployment
-The screenshooter `scanType` can be deployed via helm:
+The screenshooter chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/screenshooter/docs/README.ArtifactHub.md b/scanners/screenshooter/docs/README.ArtifactHub.md
index 0cd410f93f..0d31b97b29 100644
--- a/scanners/screenshooter/docs/README.ArtifactHub.md
+++ b/scanners/screenshooter/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
Screenshoter is a simple scanner that takes Screenshots of Websites. Therefore it's using an embeded Firefox Browser.
## Deployment
-The screenshooter `scanType` can be deployed via helm:
+The screenshooter chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/screenshooter/docs/README.DockerHub-Parser.md b/scanners/screenshooter/docs/README.DockerHub-Parser.md
index 040962f93b..533e841c2a 100644
--- a/scanners/screenshooter/docs/README.DockerHub-Parser.md
+++ b/scanners/screenshooter/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/Screenshooter.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/Screenshooter.
```bash
docker pull securecodebox/parser-screenshooter
diff --git a/scanners/screenshooter/docs/README.DockerHub-Scanner.md b/scanners/screenshooter/docs/README.DockerHub-Scanner.md
index 774dee3a4c..24376cbee7 100644
--- a/scanners/screenshooter/docs/README.DockerHub-Scanner.md
+++ b/scanners/screenshooter/docs/README.DockerHub-Scanner.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/Screenshooter].
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/Screenshooter].
```bash
docker pull securecodebox/scanner-screenshooter
diff --git a/scanners/ssh-scan/README.md b/scanners/ssh-scan/README.md
index 7c695e2cf2..1a95e1490d 100644
--- a/scanners/ssh-scan/README.md
+++ b/scanners/ssh-scan/README.md
@@ -15,12 +15,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -40,7 +40,7 @@ SSH_scan is an easy-to-use prototype SSH configuration and policy scanner, inspi
To learn more about the ssh_scan scanner itself visit [ssh_scan GitHub].
## Deployment
-The ssh-scan `scanType` can be deployed via helm:
+The ssh-scan chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/ssh-scan/docs/README.ArtifactHub.md b/scanners/ssh-scan/docs/README.ArtifactHub.md
index 19aea36176..308b2adf7f 100644
--- a/scanners/ssh-scan/docs/README.ArtifactHub.md
+++ b/scanners/ssh-scan/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -47,7 +47,7 @@ SSH_scan is an easy-to-use prototype SSH configuration and policy scanner, inspi
To learn more about the ssh_scan scanner itself visit [ssh_scan GitHub].
## Deployment
-The ssh-scan `scanType` can be deployed via helm:
+The ssh-scan chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/ssh-scan/docs/README.DockerHub-Parser.md b/scanners/ssh-scan/docs/README.DockerHub-Parser.md
index c1050a0603..b122ae2421 100644
--- a/scanners/ssh-scan/docs/README.DockerHub-Parser.md
+++ b/scanners/ssh-scan/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/SSH.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/SSH.
```bash
docker pull securecodebox/parser-ssh-scan
diff --git a/scanners/sslyze/README.md b/scanners/sslyze/README.md
index 23c489b6f0..2436b9803f 100644
--- a/scanners/sslyze/README.md
+++ b/scanners/sslyze/README.md
@@ -15,12 +15,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -38,7 +38,7 @@ Otherwise your changes will be reverted/overriden automaticaly due to the build
[SSLyze][SSLyze Documentation] is a Python library and a CLI tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL/TLS servers. To learn more about the SSLyze scanner itself visit or [SSLyze GitHub].
## Deployment
-The sslyze `scanType` can be deployed via helm:
+The sslyze chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/sslyze/docs/README.ArtifactHub.md b/scanners/sslyze/docs/README.ArtifactHub.md
index 70f6df0ef8..7f8e1202e4 100644
--- a/scanners/sslyze/docs/README.ArtifactHub.md
+++ b/scanners/sslyze/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
[SSLyze][SSLyze Documentation] is a Python library and a CLI tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL/TLS servers. To learn more about the SSLyze scanner itself visit or [SSLyze GitHub].
## Deployment
-The sslyze `scanType` can be deployed via helm:
+The sslyze chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/sslyze/docs/README.DockerHub-Parser.md b/scanners/sslyze/docs/README.DockerHub-Parser.md
index f0250c0b2f..41db3f8c58 100644
--- a/scanners/sslyze/docs/README.DockerHub-Parser.md
+++ b/scanners/sslyze/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/SSLyze.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/SSLyze.
```bash
docker pull securecodebox/parser-sslyze
diff --git a/scanners/test-scan/README.md b/scanners/test-scan/README.md
index a1d6fcb717..2a91a82d50 100644
--- a/scanners/test-scan/README.md
+++ b/scanners/test-scan/README.md
@@ -16,12 +16,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -40,7 +40,7 @@ The `test-scan` type is used internally in the secureCodeBox to test the operato
It's rather unlikely that you'll need this outside of testing usecases, as it doesn't really do anything ;)
## Deployment
-The test-scan `scanType` can be deployed via helm:
+The test-scan chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/test-scan/docs/README.ArtifactHub.md b/scanners/test-scan/docs/README.ArtifactHub.md
index ed95c1c256..546ca57c28 100644
--- a/scanners/test-scan/docs/README.ArtifactHub.md
+++ b/scanners/test-scan/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -46,7 +46,7 @@ The `test-scan` type is used internally in the secureCodeBox to test the operato
It's rather unlikely that you'll need this outside of testing usecases, as it doesn't really do anything ;)
## Deployment
-The test-scan `scanType` can be deployed via helm:
+The test-scan chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/test-scan/docs/README.DockerHub-Parser.md b/scanners/test-scan/docs/README.DockerHub-Parser.md
index fbbb57e570..88f6fa025c 100644
--- a/scanners/test-scan/docs/README.DockerHub-Parser.md
+++ b/scanners/test-scan/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: .
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: .
```bash
docker pull securecodebox/parser-test-scan
diff --git a/scanners/test-scan/docs/README.DockerHub-Scanner.md b/scanners/test-scan/docs/README.DockerHub-Scanner.md
index 5e08ab3c69..b6ec2d6dc0 100644
--- a/scanners/test-scan/docs/README.DockerHub-Scanner.md
+++ b/scanners/test-scan/docs/README.DockerHub-Scanner.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][].
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more information details please take a look at the [project page][scb-docs] or [documentation page][].
```bash
docker pull securecodebox/scanner-test-scan
diff --git a/scanners/trivy/README.md b/scanners/trivy/README.md
index 5ee9edd767..a6108ce745 100644
--- a/scanners/trivy/README.md
+++ b/scanners/trivy/README.md
@@ -15,12 +15,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -43,7 +43,7 @@ A software vulnerability is a glitch, flaw, or weakness present in the software
To learn more about the Trivy scanner itself visit on [Trivy's GitHub Repository](https://github.com/aquasecurity/trivy).
## Deployment
-The trivy `scanType` can be deployed via helm:
+The trivy chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/trivy/docs/README.ArtifactHub.md b/scanners/trivy/docs/README.ArtifactHub.md
index e2a8c82631..39201d1b20 100644
--- a/scanners/trivy/docs/README.ArtifactHub.md
+++ b/scanners/trivy/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -50,7 +50,7 @@ A software vulnerability is a glitch, flaw, or weakness present in the software
To learn more about the Trivy scanner itself visit on [Trivy's GitHub Repository](https://github.com/aquasecurity/trivy).
## Deployment
-The trivy `scanType` can be deployed via helm:
+The trivy chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/trivy/docs/README.DockerHub-Parser.md b/scanners/trivy/docs/README.DockerHub-Parser.md
index e53e2f7e46..e998664a01 100644
--- a/scanners/trivy/docs/README.DockerHub-Parser.md
+++ b/scanners/trivy/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/Trivy.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/Trivy.
```bash
docker pull securecodebox/parser-trivy
diff --git a/scanners/wpscan/README.md b/scanners/wpscan/README.md
index 1828b05b21..ba903cce36 100644
--- a/scanners/wpscan/README.md
+++ b/scanners/wpscan/README.md
@@ -17,12 +17,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -44,7 +44,7 @@ WPScan is a free, for non-commercial use, black box WordPress vulnerability scan
To learn more about the WPScan scanner itself visit [wpscan.org] or [wpscan.io].
## Deployment
-The wpscan `scanType` can be deployed via helm:
+The wpscan chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/wpscan/docs/README.ArtifactHub.md b/scanners/wpscan/docs/README.ArtifactHub.md
index 012aec4d6c..c235658f78 100644
--- a/scanners/wpscan/docs/README.ArtifactHub.md
+++ b/scanners/wpscan/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -49,7 +49,7 @@ WPScan is a free, for non-commercial use, black box WordPress vulnerability scan
To learn more about the WPScan scanner itself visit [wpscan.org] or [wpscan.io].
## Deployment
-The wpscan `scanType` can be deployed via helm:
+The wpscan chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/wpscan/docs/README.DockerHub-Parser.md b/scanners/wpscan/docs/README.DockerHub-Parser.md
index 29461391ff..fe97a201f9 100644
--- a/scanners/wpscan/docs/README.DockerHub-Parser.md
+++ b/scanners/wpscan/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/WPScan.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/WPScan.
```bash
docker pull securecodebox/parser-wpscan
diff --git a/scanners/zap-advanced/README.md b/scanners/zap-advanced/README.md
index ce0eae2b70..3af274d7ce 100644
--- a/scanners/zap-advanced/README.md
+++ b/scanners/zap-advanced/README.md
@@ -17,12 +17,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -42,7 +42,7 @@ The [OWASP Zed Attack Proxy (ZAP)][zap owasp project] is one of the world’s mo
To learn more about the ZAP scanner itself visit [https://www.zaproxy.org/](https://www.zaproxy.org/).
## Deployment
-The zap-advanced `scanType` can be deployed via helm:
+The zap-advanced chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/zap-advanced/docs/README.ArtifactHub.md b/scanners/zap-advanced/docs/README.ArtifactHub.md
index b477d11c88..7820116a28 100644
--- a/scanners/zap-advanced/docs/README.ArtifactHub.md
+++ b/scanners/zap-advanced/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -47,7 +47,7 @@ The [OWASP Zed Attack Proxy (ZAP)][zap owasp project] is one of the world’s mo
To learn more about the ZAP scanner itself visit [https://www.zaproxy.org/](https://www.zaproxy.org/).
## Deployment
-The zap-advanced `scanType` can be deployed via helm:
+The zap-advanced chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/zap-advanced/docs/README.DockerHub-Scanner.md b/scanners/zap-advanced/docs/README.DockerHub-Scanner.md
index 0fea2431f5..3965bbdd27 100644
--- a/scanners/zap-advanced/docs/README.DockerHub-Scanner.md
+++ b/scanners/zap-advanced/docs/README.DockerHub-Scanner.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/ZAP].
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more information details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/ZAP].
```bash
docker pull securecodebox/scanner-zap-advanced
diff --git a/scanners/zap/README.md b/scanners/zap/README.md
index e21dd20852..8f640566e7 100644
--- a/scanners/zap/README.md
+++ b/scanners/zap/README.md
@@ -17,12 +17,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -42,7 +42,7 @@ The [OWASP Zed Attack Proxy (ZAP)][zap owasp project] is one of the world’s mo
To learn more about the ZAP scanner itself visit [https://www.zaproxy.org/](https://www.zaproxy.org/).
## Deployment
-The zap `scanType` can be deployed via helm:
+The zap chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/zap/docs/README.ArtifactHub.md b/scanners/zap/docs/README.ArtifactHub.md
index 7a78165874..d77b40d62e 100644
--- a/scanners/zap/docs/README.ArtifactHub.md
+++ b/scanners/zap/docs/README.ArtifactHub.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -47,7 +47,7 @@ The [OWASP Zed Attack Proxy (ZAP)][zap owasp project] is one of the world’s mo
To learn more about the ZAP scanner itself visit [https://www.zaproxy.org/](https://www.zaproxy.org/).
## Deployment
-The zap `scanType` can be deployed via helm:
+The zap chart can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
diff --git a/scanners/zap/docs/README.DockerHub-Parser.md b/scanners/zap/docs/README.DockerHub-Parser.md
index 4093972c50..5c86a32f41 100644
--- a/scanners/zap/docs/README.DockerHub-Parser.md
+++ b/scanners/zap/docs/README.DockerHub-Parser.md
@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
@@ -45,7 +45,7 @@ You can find resources to help you get started on our [documentation website](ht
- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
## How to use this image
-This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/ZAP.
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/ZAP.
```bash
docker pull securecodebox/parser-zap